Towards trapping wily intruders in the large

Glenn Mansfield, Kohei Ohta, Y. Takei, N. Kato, Y. Nemoto

Research output: Contribution to journal › Article

22 Citations (Scopus)

Abstract

Intrusions are in general characterized by some noise or indications. In the network context these signals may be seen in the TCP-RESET packets and the ICMP echo-response or destination/port unreachable packets. Analysis of network traffic has shown that the profiles of such signals due to intrusion attempts are distinctly different from those due to routine operations and/or unintentional mistakes. By monitoring such suspicious signals in a distributed framework, intrusions or attempts thereof can be effectively detected. To track down attackers who may be using spoofed addresses, a new technique based on traffic pattern monitoring is introduced. The traffic patterns can be traced across networks. For this purpose we have developed an SNMP-based messaging system which allows 'friendly' networks to collaborate in tracking down the intruder. Results using prototype implementations on a medium-size operational network are presented.

Original language: English
Pages (from-to): 659-670
Number of pages: 12
Journal: Computer Networks
Volume: 34
Issue number: 4
Publication status: Published - 2000 Oct

ASJC Scopus subject areas

  • Computer Networks and Communications
