Finding IRC-like Meshes Sans Layer 7 Payloads
نویسندگان
چکیده
We present an algorithm for detecting IRC-like chat networks that does not rely on Layer 7 payload information. The goal is to extract only those meshes from conventional flows where long-term periodic data is being exchanged between an external server and multiple internal clients. Flow data is passed through a series of filters that reduce the memory requirements needed for final candidate mesh sorting. Final outputs consist of two sorted lists including the fanout list, sorted by the number of client hosts in the mesh, and a secondary list called the evil sort. The latter consists of meshes with any host with a high TCP work weight1 [3] indicating significant counts of scanning hosts. We are currently able to discover SSL-encoded IRC meshes as well as other chatlike meshes including MSN chat. Therefore we believe that the new algorithm will prove useful in detecting botnet meshes encrypted at Layer 7.
منابع مشابه
An Algorithm for Anomaly-based Botnet Detection
We present an anomaly-based algorithm for detecting IRC-based botnet meshes. The algorithm combines an IRC mesh detection component with a TCP scan detection heuristic called the TCP work weight. The IRC component produces two tuples, one for determining the IRC mesh based on IP channel names, and a sub-tuple which collects statistics (including the TCP work weight) on individual IRC hosts in c...
متن کاملMacular segmentation with optical coherence tomography.
PURPOSE To develop a software algorithm to perform automated segmentation of retinal layer structures on linear macular optical coherence tomography (StratusOCT; Carl Zeiss Meditec, Inc., Dublin, CA) scan images and to test its performance in discriminating normal from glaucomatous eyes in comparison with conventional circumpapillary nerve fiber layer (cpNFL) thickness measurement. METHODS Fo...
متن کاملMonomeric Amyloid Beta Peptide in Hexafluoroisopropanol Detected by Small Angle Neutron Scattering
Small proteins like amyloid beta (Aβ) monomers are related to neurodegenerative disorders by aggregation to insoluble fibrils. Small angle neutron scattering (SANS) is a nondestructive method to observe the aggregation process in solution. We show that SANS is able to resolve monomers of small molecular weight like Aβ for aggregation studies. We examine Aβ monomers after prolonged storing in d-...
متن کاملSome Experiences with IRC, Webcams, and a Virtual Environment as Means for Informal Communication Theme: Collaborative Work and Education
Within the framework of an exploratory Human Factors study three systems were examined in terms of their usefulness and usability for informal communication of distributed work groups: An Internet Relay Chat (IRC) system, an IRC system supplemented by Webcam pictures (i.e. periodically updated still pictures on a Web page), and a virtual environment system. Results showed, among other things, t...
متن کاملFirst VLBI mapping of a rare SiO isotopic substitution
We report the first VLBI map of the 7 mm v=0 J=1–0 maser line of the 29 SiO isotopic substitution in the long period variable star IRC +10011. We have found that this maser emission is composed of multiple features distributed in an incomplete ring, suggesting that this maser is also amplified tangentially as already proposed in other SiO circumstellar masers. We present also the results for so...
متن کامل