Location of Repository

Analyzing Network Traffic for Malicious Hacker Activity

By Randall Pyke


Since the Internet came into life in the 1970s, it has been growing more than 100% every year. On the other hand, the solutions to detecting network intrusion are far outpaced. The economic impact of malicious attacks in lost revenue to a single e-commerce company can vary from 66 thousand up to 53 million US dollars. At the same time, there is no effective mathematical model widely available to distinguish anomaly network behaviours such as port scanning, system exploring, virus and worm propagation from normal traffic. PDS proposed by Random Knowledge Inc., detects and localizes traffic patterns consistent with attacks hidden within large amounts of legitimate traffic. With the network’s packet traffic stream being its input, PDS relies on high fidelity models for normal traffic from which it can critically judge the legitimacy of any substream of packet traffic. Because of the reliability on an accurate baseline model for normal network traffic, in this workshop, we concentrate on modelling normal network traffic with a Poisson process

Topics: Information and communication technology
Year: 2004
OAI identifier: oai:generic.eprints.org:181/core70

Suggested articles



  1. (1954). A test of goodness of fit.
  2. (1952). Asymptotic theory of certain “goodness of fit” criteria based on stochastic processes.
  3. (1974). EDF Statistics for Goodness of Fit and Some Comparisons, doi
  4. (1991). Nonparametric estimation of the cumulative intensity function for a nonhomogeneous Poisson process. doi
  5. (1978). On a measure of lack of fit in time series models. doi
  6. (2002). The Return on Investment for Network Security,
  7. (1995). Wide-Area Traffic: The Failure of Poisson Modeling. doi

To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.