Malicious behavior
- Details
- Hits: 13289
Malicious behavior
Time slicing technique involves a 3d volume for each acquisition of data. However, slices are collected one at a time during acquisition. Although the slices are collected at different times, the 3d volume should be treated in a way that makes it appear as though all slices were collected at the same time, which is done using slice time correction. A processing script is used to do this and involves either the S or A option (Stajano, 2002).
Traffics in malicious activities flow in single packets, which reduce the number of malicious attempts under the category of no SNY. It is possible to detect malicious traffic in the fall data even when it is an attempt. Increase in the number of malicious connections results from multiple login attempts detected at MS-SQL and SSH servers. Connections that are established comprise of TCP flows of 3-wayhandshakes (Brookes, Carl, Kesidis & Rai, 2006).
Malicious behavior is detected using the Number of sequential connections. This method is based on the knowledge that malicious behavior involves random scanning on IP addresses to find out if any server is vulnerable to compromise. The method uses Network Intrusion Detection System to detect malicious attempts. Immediate response is required to ensure reduction in damage. However, the system should not falsely detect the host of the servers as malicious (Doraswamy & Harkins, 2003).Many malicious login attempts are flagged as bad authentication, which helps to detect malicious behaviors. Among the authentication technologies used include HTML forms, combination of passwords and physical symbols as well as smartcards. A common mechanism for authentication login is the use of username and password. Strong passwords must be long and not include names or words in dictionary. The password should not be same as username and must not be set to the default password (Stajano, 2002).
Custom PCAP hex method for detecting malicious activities relies on the knowledge that hackers disguise in the HTTP traffic as noise. Hackers are aware that it is hard for them to be detected in such noise as most analysts have a lot of work to do and thus may not have adequate time to detect malicious behavior. The method uses user-agent field and free tools such as wireshark and regex commands to distinguish normal behavior from malicious behavior (Brookes, Carl, Kesidis & Rai, 2006).
Protocol enforcement in finding malicious behavior involves algorithms, hash functions as well as X-OR techniques. The algorithms include the setup, the send, verify and the trace. In the setup algorithm, TTP provides secret values and symmetric keys that are common in the network. A resistant hardware stores the TTP and key values. Each driver is assigned a unique secret key by the TTP, which is followed by computation of initial values used for verification and tracing. Such values must be included in all equations to generate new values (Doraswamy & Harkins, 2003).
Protocol enforcement is another method used to find out malicious behavior by establishing contacts and correct measures of obtaining information and updated tools for detecting intrusion. The mechanism ensures that the response time during an attack is reduced. In addition, all alert processes are known from all users. Regarding network, an inventory access point should be regularly updated and accessible regularly by use of an updated configuration. The tools for management should be functional at all times. Protocol enforcement ensures that baseline-flows are well recognized. The main objective of this method is to allow easy action whenever malicious activities are detected in order to stop them (Stajano, 2002).