Imperial College London

Professor Nick Heard

Faculty of Natural Sciences, Department of Mathematics

Chair in Statistics
 
 
 

Contact

 

+44 (0)20 7594 1490
n.heard
Website

 
 

Location

 

543, Huxley Building, South Kensington Campus


 

Publications

Citation

BibTeX format

@inproceedings{Heard:2014:10.1109/JISIC.2014.52,
author = {Heard, N and Rubin-Delanchy, P and Lawson, D},
doi = {10.1109/JISIC.2014.52},
pages = {268--271},
publisher = {IEEE},
title = {Filtering automated polling traffic in computer network flow data},
url = {http://dx.doi.org/10.1109/JISIC.2014.52},
year = {2014}
}

RIS format (EndNote, RefMan)

TY  - CPAPER
AB - Detecting polling behaviour in a computer network has two important applications. First, the polling can be indicative of malware beaconing, where an undetected software virus sends regular communications to a controller. Second, the cause of the polling may not be malicious, since it may correspond to regular automated update requests permitted by the client; to build models of normal host behaviour for signature-free anomaly detection, this polling behaviour needs to be understood. This article presents a simple Fourier analysis technique for identifying regular polling, and focuses on the second application: modelling the normal behaviour of a host, using real data collected from the computer network of Imperial College London.
AU - Heard,N
AU - Rubin-Delanchy,P
AU - Lawson,D
DO - 10.1109/JISIC.2014.52
EP - 271
PB - IEEE
PY - 2014///
SP - 268
TI - Filtering automated polling traffic in computer network flow data
UR - http://dx.doi.org/10.1109/JISIC.2014.52
UR - http://gateway.webofknowledge.com/gateway/Gateway.cgi?GWVersion=2&SrcApp=PARTNER_APP&SrcAuth=LinksAMR&KeyUT=WOS:000411486600043&DestLinkType=FullRecord&DestApp=ALL_WOS&UsrCustomerID=1ba7043ffcc86c417c072aa74d649202
UR - http://hdl.handle.net/10044/1/54202
ER -