Previous studies have shown the feasibility of deriving simple indicators of file transfers, human-interactivity, and other important behavioural characteristics. We are proposing a practical implementation and use of such indicators with NetMate. In its current state as a work in progress, our extended version of NetMate will already be of interest to network security practitioners conducting incident analysis. The tool can be used to post-process traffic traces containing suspicious flows in order to obtain a behavioural description of the incident and surrounding traffic activities. With further development, the approach has great potential for other use cases such as intrusion detection, insider threat detection, and traffic classification. © 2009 Springer Berlin Heidelberg.
CITATION STYLE
De Montigny-Leboeuf, A., Couture, M., & Massicotte, F. (2009). Traffic behaviour characterization using netmate. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5758 LNCS, pp. 367–368). https://doi.org/10.1007/978-3-642-04342-0_27