On Improving the Accuracy and Performance of Content-Based File Type Identification
ACISP '09 Proceedings of the 14th Australasian Conference on Information Security and Privacy
In this paper, we propose an anomaly detection approach that classifies packets into code-type and data-type. Our objective is to detect a packet containing code flowing into a network port that normally expects data packets only. The proposed approach can detect potentially malicious packets such as worms, viruses, and shellcode. We propose a time-efficient algorithm and show the results of our initial experiments.