|
Passive Visual Fingerprinting of Network Attack Tools |
|
|
|
Source: Rumint.org - Posted by Benjamin D. Thomas
|
This paper examines the dramatic visual fingerprints
left by a wide variety of popular network attack tools in
order to better understand the specific methodologies
used by attackers as well as the identifiable
characteristics of the tools themselves. The techniques
used are entirely passive in nature and virtually
undetectable by the attackers. While much work has
been done on active and passive operating systems
detection, little has been done on fingerprinting the
specific tools used by attackers. This research explores
the application of several visualization techniques and
their usefulness toward identification of attack tools,
without the typical automated intrusion detection
system’s signatures and statistical anomalies. These
visualizations were tested using a wide range of
popular network security tools and the results show
that in many cases, the specific tool can be identified
and provides intuition that many classes of zero-day
attacks can be rapidly detected and analyzed using
similar techniques.
Read this full article at Rumint.org
Powered by AkoComment! |
