Network abnormal behaviour analysis system

Sunoh Choi; Yangseo Choi; Jooyoung Lee; Jonghyun Kim; Ikkyun Kim

doi:10.23919/ICACT.2017.7890055

Network abnormal behaviour analysis system

Sunoh Choi
, Yangseo Choi
, Jooyoung Lee
, Jonghyun Kim
, Ikkyun Kim

Department of Software Engineering

Electronics and Telecommunications Research Institute

Research output: Contribution to conference › Conference paper › peer-review

4 Scopus citations

Abstract

As cyber attacks have increased in recent years, network forensics, which collects and analyses network packets as well as digital forensics, has been studied. However, high-speed networks such as 1 or 10 Gbps networks have many network flows. For example, a 1 Gbps network has hundreds of millions of network flows per day. Analysing network traffic in this situation is very difficult and time-consuming. In this paper, we propose a system that can analyse network abnormal behaviour quickly and easily. We first propose a system that stores the TCP flag when generating network flows. Second, we present some ways to use the TCP flag in network flows to analyse network anomalies such as persistent outbound connections.

Original language	English
Title of host publication	19th International Conference on Advanced Communications Technology
Subtitle of host publication	Opening Era of Smart Society, ICACT 2017 - Proceeding
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	49-52
Number of pages	4
ISBN (Electronic)	9788996865094
DOIs	https://doi.org/10.23919/ICACT.2017.7890055
State	Published - 2017.03.29
Event	19th International Conference on Advanced Communications Technology, ICACT 2017 - Pyeongchang, Korea, Republic of Duration: 2017.02.19 → 2017.02.22

Publication series

Name	International Conference on Advanced Communication Technology, ICACT
ISSN (Print)	1738-9445

Conference

Conference	19th International Conference on Advanced Communications Technology, ICACT 2017
Country/Territory	Korea, Republic of
City	Pyeongchang
Period	17.02.19 → 17.02.22

Keywords

Analysis
Network flow

Access to Document

10.23919/ICACT.2017.7890055

Cite this

Choi, S., Choi, Y., Lee, J., Kim, J., & Kim, I. (2017). Network abnormal behaviour analysis system. In 19th International Conference on Advanced Communications Technology: Opening Era of Smart Society, ICACT 2017 - Proceeding (pp. 49-52). Article 7890055 (International Conference on Advanced Communication Technology, ICACT). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.23919/ICACT.2017.7890055

@inproceedings{6b2b196be5264456a7b36a0208f6df9e,

title = "Network abnormal behaviour analysis system",

abstract = "As cyber attacks have increased in recent years, network forensics, which collects and analyses network packets as well as digital forensics, has been studied. However, high-speed networks such as 1 or 10 Gbps networks have many network flows. For example, a 1 Gbps network has hundreds of millions of network flows per day. Analysing network traffic in this situation is very difficult and time-consuming. In this paper, we propose a system that can analyse network abnormal behaviour quickly and easily. We first propose a system that stores the TCP flag when generating network flows. Second, we present some ways to use the TCP flag in network flows to analyse network anomalies such as persistent outbound connections.",

keywords = "Analysis, Network flow",

author = "Sunoh Choi and Yangseo Choi and Jooyoung Lee and Jonghyun Kim and Ikkyun Kim",

note = "Publisher Copyright: {\textcopyright} 2017 Global IT Research Institute - GiRI.; 19th International Conference on Advanced Communications Technology, ICACT 2017 ; Conference date: 19-02-2017 Through 22-02-2017",

year = "2017",

month = mar,

day = "29",

doi = "10.23919/ICACT.2017.7890055",

language = "English",

series = "International Conference on Advanced Communication Technology, ICACT",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "49--52",

booktitle = "19th International Conference on Advanced Communications Technology",

}

Choi, S, Choi, Y, Lee, J, Kim, J & Kim, I 2017, Network abnormal behaviour analysis system. in 19th International Conference on Advanced Communications Technology: Opening Era of Smart Society, ICACT 2017 - Proceeding., 7890055, International Conference on Advanced Communication Technology, ICACT, Institute of Electrical and Electronics Engineers Inc., pp. 49-52, 19th International Conference on Advanced Communications Technology, ICACT 2017, Pyeongchang, Korea, Republic of, 17.02.19. https://doi.org/10.23919/ICACT.2017.7890055

Network abnormal behaviour analysis system. / Choi, Sunoh; Choi, Yangseo; Lee, Jooyoung et al.
19th International Conference on Advanced Communications Technology: Opening Era of Smart Society, ICACT 2017 - Proceeding. Institute of Electrical and Electronics Engineers Inc., 2017. p. 49-52 7890055 (International Conference on Advanced Communication Technology, ICACT).

Research output: Contribution to conference › Conference paper › peer-review

TY - GEN

T1 - Network abnormal behaviour analysis system

AU - Choi, Sunoh

AU - Choi, Yangseo

AU - Lee, Jooyoung

AU - Kim, Jonghyun

AU - Kim, Ikkyun

PY - 2017/3/29

Y1 - 2017/3/29

N2 - As cyber attacks have increased in recent years, network forensics, which collects and analyses network packets as well as digital forensics, has been studied. However, high-speed networks such as 1 or 10 Gbps networks have many network flows. For example, a 1 Gbps network has hundreds of millions of network flows per day. Analysing network traffic in this situation is very difficult and time-consuming. In this paper, we propose a system that can analyse network abnormal behaviour quickly and easily. We first propose a system that stores the TCP flag when generating network flows. Second, we present some ways to use the TCP flag in network flows to analyse network anomalies such as persistent outbound connections.

AB - As cyber attacks have increased in recent years, network forensics, which collects and analyses network packets as well as digital forensics, has been studied. However, high-speed networks such as 1 or 10 Gbps networks have many network flows. For example, a 1 Gbps network has hundreds of millions of network flows per day. Analysing network traffic in this situation is very difficult and time-consuming. In this paper, we propose a system that can analyse network abnormal behaviour quickly and easily. We first propose a system that stores the TCP flag when generating network flows. Second, we present some ways to use the TCP flag in network flows to analyse network anomalies such as persistent outbound connections.

KW - Analysis

KW - Network flow

UR - https://www.scopus.com/pages/publications/85018471323

U2 - 10.23919/ICACT.2017.7890055

DO - 10.23919/ICACT.2017.7890055

M3 - Conference paper

AN - SCOPUS:85018471323

T3 - International Conference on Advanced Communication Technology, ICACT

SP - 49

EP - 52

BT - 19th International Conference on Advanced Communications Technology

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 19th International Conference on Advanced Communications Technology, ICACT 2017

Y2 - 19 February 2017 through 22 February 2017

ER -

Choi S, Choi Y, Lee J, Kim J, Kim I. Network abnormal behaviour analysis system. In 19th International Conference on Advanced Communications Technology: Opening Era of Smart Society, ICACT 2017 - Proceeding. Institute of Electrical and Electronics Engineers Inc. 2017. p. 49-52. 7890055. (International Conference on Advanced Communication Technology, ICACT). doi: 10.23919/ICACT.2017.7890055

Network abnormal behaviour analysis system

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this