ROOK: Multi-session Based Network Security Event Detector

S
SAINT
2008
2008 International Symposium on Applications and the Internet
Abstract - ROOK: Multi-session Based Network Security Event Detector

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Masayoshi Mizutani Articles by Shin Shirahata Articles by Masaki Minami Articles by Jun Murai

2008 International Symposium on Applications and the Internet

July 28-August 01

ISBN: 978-0-7695-3297-4

	ASCII Text	x
	Masayoshi Mizutani, Shin Shirahata, Masaki Minami, Jun Murai, "ROOK: Multi-session Based Network Security Event Detector," Applications and the Internet, IEEE/IPSJ International Symposium on, pp. 48-54, 2008 International Symposium on Applications and the Internet, 2008.

	BibTex	x
	@article{ 10.1109/SAINT.2008.110, author = {Masayoshi Mizutani and Shin Shirahata and Masaki Minami and Jun Murai}, title = {ROOK: Multi-session Based Network Security Event Detector}, journal ={Applications and the Internet, IEEE/IPSJ International Symposium on}, volume = {0}, year = {2008}, isbn = {978-0-7695-3297-4}, pages = {48-54}, doi = {http://doi.ieeecomputersociety.org/10.1109/SAINT.2008.110}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Applications and the Internet, IEEE/IPSJ International Symposium on TI - ROOK: Multi-session Based Network Security Event Detector SN - 978-0-7695-3297-4 SP48 EP54 A1 - Masayoshi Mizutani, A1 - Shin Shirahata, A1 - Masaki Minami, A1 - Jun Murai, PY - 2008 KW - Internet KW - Security KW - Intrusion Detection KW - Bot VL - 0 JA - Applications and the Internet, IEEE/IPSJ International Symposium on ER -

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SAINT.2008.110

We have implemented Multi-Session based Network Security Event Detector: ROOK to detect botnet activity and P2P file sharing traffic and our results show that our method is less false positives than existing network security event detectors (e.g. IDS). We proposed a network security event detection method by analyzing correlation among multiple sessions. Our method can recognize hosts behaviors by rules that describe multi-session correlations: a rule includes the order of starting sessions and information exchange between sessions. By this method, ROOK detected DNS and IRC activities of bots in the experiment.

Index Terms:

Internet, Security, Intrusion Detection, Bot

Citation:

Masayoshi Mizutani, Shin Shirahata, Masaki Minami, Jun Murai, "ROOK: Multi-session Based Network Security Event Detector," saint, pp.48-54, 2008 International Symposium on Applications and the Internet, 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.