TY - GEN
T1 - ROOK
T2 - 2008 International Symposium on Applications and the Internet, SAINT 2008
AU - Mizutani, Masayoshi
AU - Shirahata, Shin
AU - Minami, Masaki
AU - Murai, Jun
N1 - Copyright:
Copyright 2008 Elsevier B.V., All rights reserved.
PY - 2008
Y1 - 2008
N2 - We have implemented a Multi-Session based Network Security Event Detector, ROOK, to detect botnet activity and P2P file sharing traffic, and our results show that our method has fewer false positives than existing network security event detectors (e.g. IDS). We proposed a network security event detection method by analyzing correlation among multiple sessions. Our method can recognize hosts' behaviors by rules that describe multi-session correlations: a rule includes the order of starting sessions and information exchange between sessions. By this method, ROOK detected DNS and IRC activities of bots in the experiment.
AB - We have implemented a Multi-Session based Network Security Event Detector, ROOK, to detect botnet activity and P2P file sharing traffic, and our results show that our method has fewer false positives than existing network security event detectors (e.g. IDS). We proposed a network security event detection method by analyzing correlation among multiple sessions. Our method can recognize hosts' behaviors by rules that describe multi-session correlations: a rule includes the order of starting sessions and information exchange between sessions. By this method, ROOK detected DNS and IRC activities of bots in the experiment.
UR - http://www.scopus.com/inward/record.url?scp=53849113665&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=53849113665&partnerID=8YFLogxK
U2 - 10.1109/SAINT.2008.110
DO - 10.1109/SAINT.2008.110
M3 - Conference contribution
AN - SCOPUS:53849113665
SN - 9780769532974
T3 - Proceedings - 2008 International Symposium on Applications and the Internet, SAINT 2008
SP - 48
EP - 54
BT - Proceedings - 2008 International Symposium on Applications and the Internet, SAINT 2008
Y2 - 28 July 2008 through 1 August 2008
ER -