Extraction for Characteristics of Anomaly Accessed IP Packets Based on Statistical Analysis

Abstract

To defend DoS (denial of service) Attacks, the access filtering mechanism is adopted on the end servers or the IDS (intrusion detection system). The difficulty to define the filtering rules comes from the hardness to identify normal and anomaly packets from the incoming packets. In this paper, we analyze the amount of incoming packet to our college and extract characters of IP packets classified by the source and destination IP addresses and destination port numbers. We can clearly identify the countries and providers of denial packets and extract the characters of crawls of search engines.