Compromised end-user machines are an important source of the unwanted traffic that traverses the Internet. These machines typically have malicious software installed on them that misuses their network resources. As a result, the packet streams that a compromised machine sends out consist of both legitimate and unwanted packets. In this work, we present a traffic regulation method that limits the number of unwanted packets that such machines send to the Internet. The method operates on the time-series representation of a packet stream and examines the "burstiness" of the packets instead of their rate. The method filters out packets from this stream using signatures produced with wavelet-based multi-resolution analysis, along with a similarity measure. We evaluate the proposed method with real traffic traces (i.e., Domain Name System queries from legitimate end-users and e-mail worms) and compare it with a rate limiting method. We show that the method limits the amount of unwanted traffic that a compromised end-user machine sends to the Internet while dropping fewer legitimate packets than the rate limiting method. © Springer-Verlag Berlin Heidelberg 2012.
CITATION STYLE
Pujol-Gil, E., & Chatzis, N. (2012). A traffic regulation method based on MRA signatures to reduce unwanted traffic from compromised end-user machines. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7122 LNCS, pp. 264–279). Springer Verlag. https://doi.org/10.1007/978-3-642-28879-1_18