A Finite State Machine Model of TCP Connections in the Transport Layer

Authors
  1. Treurniet, J.
  2. Lefebvre, J.H.
Corporate Authors
Defence R&D Canada - Ottawa, Ottawa ONT (CAN)
Abstract
A finite state machine can be used to detect anomalous behaviour in TCP traffic by describing the progression of a connection through states as a result of events based on header flags. The method was applied to real traffic to understand its realistic use, and it was found that, for the time period analysed here, on the order of 37% of TCP connections do not follow the TCP protocol specifications. The majority of these are a result of malicious activity, and approximately 4% are due to benign anomalies such as unresponsive hosts and misconfigurations. The method may be applied as a network security measure, as a network management tool and/or as a research tool for the study of TCP behaviour on the Internet.

There is a French abstract here.

Report Number
DRDC-OTTAWA-TM-2003-139 — Technical Memorandum
Date of publication
01 Nov 2003
Number of Pages
36
DSTKIM No
CA023219
CANDIS No
520460
Format(s):
Hardcopy;CD ROM
