Filtering automated polling traffic in computer network flow data

Research output: Contribution to conference, Conference Paper, peer-review

13 Citations (Scopus)
350 Downloads (Pure)

Abstract

Detecting polling behaviour in a computer network has two important applications. First, the polling can be indicative of malware beaconing, where an undetected software virus sends regular communications to a controller. Second, the cause of the polling may not be malicious, since it may correspond to regular automated update requests permitted by the client; to build models of normal host behaviour for signature-free anomaly detection, this polling behaviour needs to be understood. This article presents a simple Fourier analysis technique for identifying regular polling, and focuses on the second application: modelling the normal behaviour of a host, using real data collected from the computer network of Imperial College London.
Original language: English
Pages: 268-271
Number of pages: 4
Publication status: Published - 26 Sep 2014
Event: Intelligence and Security Informatics Conference (JISIC), 2014 IEEE Joint - The Hague, Netherlands
Duration: 24 Sep 2014 to 26 Sep 2014

Conference

Conference: Intelligence and Security Informatics Conference (JISIC), 2014 IEEE Joint
Country/Territory: Netherlands
City: The Hague
Period: 24/09/14 to 26/09/14

Bibliographical note

Print ISBN: 978-1-4799-6363-8
