Abstract
This article shows that malicious traffic flows such as denial-of-service attacks and various scanning activities can be visualized in an intuitive manner. A simple but novel idea of plotting each packet by its source IP address, destination IP address, and destination port in a 3-dimensional space graphically reveals ongoing attacks. Leveraging this property, combined with the fact that only three header fields per packet need to be examined, a fast attack detection and classification algorithm can be devised.
Original language | English |
---|---|
Pages (from-to) | 30-39 |
Number of pages | 10 |
Journal | IEEE Network |
Volume | 18 |
Issue number | 5 |
Publication status | Published - 2004 Sept |
Bibliographical note
Funding Information: The original idea of classifying the attacks using the three-packet header values is attributed to Heejung Sohn. We thank Jin-Ho Kim and Byung-Seung Kim for their effort in running the RADAR code on live Seoul National University backbone network traffic. We also thank the anonymous reviewers who helped improve the presentation of the article. This work was supported in part by a Korea University Grant and an NRL program of KISTEP, Korea.
ASJC Scopus subject areas
- Software
- Information Systems
- Hardware and Architecture
- Computer Networks and Communications