ROOK: Multi-session based network security event detector

Masayoshi Mizutani, Shin Shirahata, Masaki Minami, Jun Murai

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Citations (Scopus)

Abstract

We have implemented Multi-Session based Network Security Event Detector: ROOK to detect botnet activity and P2P file sharing traffic and our results show that our method is less false positives than existing network security event detectors (e.g. IDS). We proposed a network security event detection method by analyzing correlation among multiple sessions. Our method can recognize hosts behaviors by rules that describe multi-session correlations: a rule includes the order of starting sessions and information exchange between sessions. By this method, ROOK detected DNS and IRC activities of bots in the experiment.

Original languageEnglish
Title of host publicationProceedings - 2008 International Symposium on Applications and the Internet, SAINT 2008
Pages48-54
Number of pages7
DOIs
Publication statusPublished - 2008 Oct 20
Event2008 International Symposium on Applications and the Internet, SAINT 2008 - Turku, Finland
Duration: 2008 Jul 282008 Aug 1

Publication series

NameProceedings - 2008 International Symposium on Applications and the Internet, SAINT 2008

Other

Other2008 International Symposium on Applications and the Internet, SAINT 2008
CountryFinland
CityTurku
Period08/7/2808/8/1

    Fingerprint

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications

Cite this

Mizutani, M., Shirahata, S., Minami, M., & Murai, J. (2008). ROOK: Multi-session based network security event detector. In Proceedings - 2008 International Symposium on Applications and the Internet, SAINT 2008 (pp. 48-54). [4604542] (Proceedings - 2008 International Symposium on Applications and the Internet, SAINT 2008). https://doi.org/10.1109/SAINT.2008.110