TY - GEN
T1 - A Lightweight Abnormality Detection Mechanism by Stray Packets Analysis
AU - Jin, Yong
AU - Matsuura, Satoshi
AU - Kondo, Takao
AU - Hosokawa, Tatsumi
AU - Tomoishi, Masahiko
N1 - Publisher Copyright: © 2023 ACM.
PY - 2023/3/20
Y1 - 2023/3/20
N2 - An academic organization network, e.g., a campus network, runs with limited financial support and manpower while facing the same operational issues and cybersecurity threats as other organizations. In addition to the existing network facilities and computers used to provide services, the increase in mobile devices such as BYOD has become an issue in terms of misconfiguration and vulnerabilities. Current security systems focus on the backbone network, so detailed traffic monitoring and data analysis cannot cover the abnormal behavior of all individual endpoints. In general, a misconfigured or intruded computer exhibits some abnormal behavior, e.g., sending stray packets, compared to a normal device. Based on this point, we propose a lightweight abnormality detection mechanism that monitors stray packets in order to mitigate the above issues. As a result, not only can abnormal behavior be detected, but the performance of the existing security systems is also maintained. In this paper, we describe the design and architecture of our proposed 'Traffic Analyzer', including the implementation and evaluation of our prototype system.
AB - An academic organization network, e.g., a campus network, runs with limited financial support and manpower while facing the same operational issues and cybersecurity threats as other organizations. In addition to the existing network facilities and computers used to provide services, the increase in mobile devices such as BYOD has become an issue in terms of misconfiguration and vulnerabilities. Current security systems focus on the backbone network, so detailed traffic monitoring and data analysis cannot cover the abnormal behavior of all individual endpoints. In general, a misconfigured or intruded computer exhibits some abnormal behavior, e.g., sending stray packets, compared to a normal device. Based on this point, we propose a lightweight abnormality detection mechanism that monitors stray packets in order to mitigate the above issues. As a result, not only can abnormal behavior be detected, but the performance of the existing security systems is also maintained. In this paper, we describe the design and architecture of our proposed 'Traffic Analyzer', including the implementation and evaluation of our prototype system.
KW - abnormal behavior detection
KW - lightweight mechanism
KW - network security
KW - network traffic analysis
KW - stray packet monitoring
UR - http://www.scopus.com/inward/record.url?scp=85151567312&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85151567312&partnerID=8YFLogxK
U2 - 10.1145/3539811.3579559
DO - 10.1145/3539811.3579559
M3 - Conference contribution
AN - SCOPUS:85151567312
T3 - Proceedings ACM SIGUCCS User Services Conference
SP - 9
EP - 11
BT - SIGUCCS 2023 - Proceedings of the 2023 ACM SIGUCCS Annual Conference
PB - Association for Computing Machinery
T2 - 50th ACM SIGUCCS User Services Annual Conference, SIGUCCS 2023
Y2 - 26 March 2023 through 29 March 2023
ER -