Optimal remote access trojans detection based on network behavior
نویسندگان
چکیده
منابع مشابه
Botnet Detection Based on Network Behavior
Current techniques for detecting botnets examine traffic content for IRC commands, monitor DNS for strange usage, or set up honeynets to capture live bots. Our botnet detection approach is to examine flow characteristics such as bandwidth, packet timing, and burst duration for evidence of botnet command and control activity. We have constructed an architecture that first eliminates traffic that...
متن کاملCatching Remote Administration Trojans (RATs)
A Remote Administration Trojan (RAT) allows an attacker to remotely control a computing system and typically consists of a server invisibly running and listening to specific TCP/UDP ports on a victim machine as well as a client acting as the interface between the server and the attacker. The accuracy of host and/or network-based methods often employed to identify RATs highly depends on the qual...
متن کاملNear-optimal tree-based access network design
Among various access network topologies, the tree topology is the most popular due to its simplicity and relatively low cost. A salient example is the CATV network. In this paper, we consider the tree-based access network design problem where the operational cost and the fixed installation cost are jointly minimized. The problem is formulated as a combinatorial optimization problem, where the d...
متن کاملAnomaly Detection Based on Access Behavior and Document Rank Algorithm
-Distributed denial of service (DDoS) attack is ongoing dangerous threat to the Internet. Commonly, DDoS attacks are carried out at the network layer, e.g., SYN flooding, ICMP flooding and UDP flooding, which are called DDoS attacks. The intention of these DDoS attacks is to utilize the network bandwidth and deny service to authorize users of the victim systems. Obtain from the low layers, new ...
متن کاملDetection Method for Network Penetrating Behavior Based on Communication Fingerprint
In order to monitor the use of network transmission software, the network penetrating technique based on encrypted proxy is discussed. By comparing the behavior of related penetration software, the concept of communication fingerprint is introduced to expand the extension of the communication features. The fingerprints database of encrypted proxy software with specific characteristics is constr...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: International Journal of Electrical and Computer Engineering (IJECE)
سال: 2019
ISSN: 2088-8708,2088-8708
DOI: 10.11591/ijece.v9i3.pp2177-2184