The use of packet inter-arrival times for investigating unsolicited internet traffic

Jacob Zimmermann, Andrew Clark, George Mohay, Fabien Pouget, Marc Dacier

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

8 Citations (Scopus)

Abstract

Monitoring the Internet reveals incessant activity that has been referred to as background radiation. In this paper, we propose an original approach that makes use of packet Inter-Arrival Times, or IATs, to analyse and identify such abnormal or unexpected network activity. Our study exploits a large set of data collected on a distributed network of honeypots during more than six months. Our main contribution in this paper is to demonstrate the usefulness of IAT analysis for network forensic purposes, and we illustrate this with examples in which we analyse particular IAT peak values. In addition, we pinpoint some network anomalies that we have been able to determine through such analysis.

Original language: English
Title of host publication: Proceedings - First International Workshop on Systematic Approaches to Digital Forensic Engineering
Pages: 89-104
Number of pages: 16
Volume: 2005
DOIs: https://doi.org/10.1109/SADFE.2005.26
Publication status: Published - 2005
Externally published: Yes
Event: Proceedings - First International Workshop on Systematic Approaches to Digital Forensic Engineering - Taipei
Duration: 7 Nov 2005 → 9 Nov 2005

Other

Other: Proceedings - First International Workshop on Systematic Approaches to Digital Forensic Engineering
City: Taipei
Period: 7/11/05 → 9/11/05

Fingerprint

Internet
Radiation
Monitoring
Digital forensics

ASJC Scopus subject areas

  • Engineering (all)

Cite this

Zimmermann, J., Clark, A., Mohay, G., Pouget, F., & Dacier, M. (2005). The use of packet inter-arrival times for investigating unsolicited internet traffic. In Proceedings - First International Workshop on Systematic Approaches to Digital Forensic Engineering (Vol. 2005, pp. 89-104). [1592524] https://doi.org/10.1109/SADFE.2005.26

@inproceedings{2339afff6b25491d95a221dae5bf2c52,
title = "The use of packet inter-arrival times for investigating unsolicited internet traffic",
author = "Jacob Zimmermann and Andrew Clark and George Mohay and Fabien Pouget and Marc Dacier",
year = "2005",
doi = "10.1109/SADFE.2005.26",
language = "English",
isbn = "0769524788",
volume = "2005",
pages = "89--104",
booktitle = "Proceedings - First International Workshop on Systematic Approaches to Digital Forensic Engineering",

}

TY - GEN

T1 - The use of packet inter-arrival times for investigating unsolicited internet traffic

AU - Zimmermann, Jacob

AU - Clark, Andrew

AU - Mohay, George

AU - Pouget, Fabien

AU - Dacier, Marc

PY - 2005

Y1 - 2005


UR - http://www.scopus.com/inward/record.url?scp=33847225917&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33847225917&partnerID=8YFLogxK

U2 - 10.1109/SADFE.2005.26

DO - 10.1109/SADFE.2005.26

M3 - Conference contribution

SN - 0769524788

SN - 9780769524788

VL - 2005

SP - 89

EP - 104

BT - Proceedings - First International Workshop on Systematic Approaches to Digital Forensic Engineering

ER -