The Use of Packet Inter-Arrival Times for Investigating Unsolicited Internet Traffic

Jacob Zimmermann; Fabien Pouget; Marc Dacier; Andrew Clark; George Mohay

doi:10.1109/SADFE.2005.26

S
SADFE
2005
First International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE'05)
Abstract - The Use of Packet Inter-Arrival Times for Investigating Unsolicited Internet Traffic

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Jacob Zimmermann Articles by Andrew Clark Articles by George Mohay Articles by Fabien Pouget Articles by Marc Dacier

First International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE'05)

The Use of Packet Inter-Arrival Times for Investigating Unsolicited Internet Traffic

Taipei, Taiwan

November 07-November 09

ISBN: 0-7695-2478-8

	ASCII Text	x
	Jacob Zimmermann, Andrew Clark, George Mohay, Fabien Pouget, Marc Dacier, "The Use of Packet Inter-Arrival Times for Investigating Unsolicited Internet Traffic," Systematic Approaches to Digital Forensic Engineering, IEEE International Workshop on, pp. 89-104, First International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE'05), 2005.

	BibTex	x
	@article{ 10.1109/SADFE.2005.26, author = {Jacob Zimmermann and Andrew Clark and George Mohay and Fabien Pouget and Marc Dacier}, title = {The Use of Packet Inter-Arrival Times for Investigating Unsolicited Internet Traffic}, journal ={Systematic Approaches to Digital Forensic Engineering, IEEE International Workshop on}, volume = {0}, year = {2005}, isbn = {0-7695-2478-8}, pages = {89-104}, doi = {http://doi.ieeecomputersociety.org/10.1109/SADFE.2005.26}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Systematic Approaches to Digital Forensic Engineering, IEEE International Workshop on TI - The Use of Packet Inter-Arrival Times for Investigating Unsolicited Internet Traffic SN - 0-7695-2478-8 SP89 EP104 A1 - Jacob Zimmermann, A1 - Andrew Clark, A1 - George Mohay, A1 - Fabien Pouget, A1 - Marc Dacier, PY - 2005 KW - null VL - 0 JA - Systematic Approaches to Digital Forensic Engineering, IEEE International Workshop on ER -

Jacob Zimmermann, Jacob Zimmermann

Andrew Clark, Andrew Clark

George Mohay, George Mohay

Fabien Pouget, Fabien Pouget

Marc Dacier, Marc Dacier

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SADFE.2005.26

Monitoring the Internet reveals incessant activity, that has been referred to as background radiation. In this paper, we propose an original approach that makes use of packet Inter- Arrival Times, or IATs, t o analyse and identify such abnormal or unexpected network activity. Our study exploits a large set of data collected on a distributed network of honeypots during more than six months. Our main contribution in this paper is t o demonstrate the usefulness of IAT analysis for network forensic purposes, and we illustrate this with examples in which we analyse particular IAT peak values. In addition, we pinpoint some network anomalies that we have been able to determine through such analysis.

Citation:

Jacob Zimmermann, Andrew Clark, George Mohay, Fabien Pouget, Marc Dacier, "The Use of Packet Inter-Arrival Times for Investigating Unsolicited Internet Traffic," sadfe, pp.89-104, First International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.