An Analysis on Distribution of Malicious Packets and Threats over the Internet

摘要

Internet worms pose great threats for computer systems connected to the Internet. Malicious packets sent by Internet worms or port-scan activities can be captured by monitoring ports of IP addresses where any network service is provided. We present an analysis of distribution of malicious packets over the Internet and show evaluation of Internet threats.Several methods have been proposed for detecting threats over the Internet based on monitoring malicious packets. Most of these methods apply statistical methods to time-series frequencies of malicious packets. We proposes a method for evaluating threats on the Internet based on graph defined by the sources and destinations of monitored malicious packets. In order to evaluate threats, we formulate two relationships between threats of the worms and vulnerability of ports of network services and apply Eigenvalue problem to derive threat levels of network ports. We applied our method to working examples monitored during the period of worm outbreaks to show the effectiveness of our method.