TCP/IP traffic patterns: attacks, errors, steganography or normal behaviour?

Marta Rybczyńska

Abstract


This paper presents the results of research on the way the network security is affected by thecurrent state of TCP-IP protocol suite behaviour. A number of examples of possible issues arepresented. When discussing classes of such issues, it is pointed out that security is affected by theexistence of not only incorrect implementations, but also differences in implementations that canbe used for various purposes.In the main part of the paper an analysis of the traffic collected on an Internet backbone linkfrom the year 1999 up to 2006 is presented. The results show that the predicted behaviour can beobserved in the real-world traffic. The differences between the measurement results and the theoryare analysed, with a more in-depth look into a number of patterns and the changes of the patternsbetween the traffic collected in different years. In addition, an operating system detection tool isused to estimate the operating systems used by the nodes. Then the estimation is compared withanomaly patterns and the conclusions are presented. After analysing the findings, the pros andcons to different possible explanations of the observed patterns are presented, including flaws,attacks, various kinds of errors and steganography.

Full Text:

PDF


DOI: http://dx.doi.org/10.17951/ai.2007.6.1.185-194
Date of publication: 2015-01-04 00:00:00
Date of submission: 2016-04-27 10:20:06


Statistics


Total abstract view - 342
Downloads (from 2020-06-17) - PDF - 0

Indicators



Refbacks

  • There are currently no refbacks.


Copyright (c) 2015 Annales UMCS Sectio AI Informatica

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.