This paper describes System Detection's surveillance detection techniques for enclave environments (ESD) and peering center environments (PSD) and evaluates each technique over data gathered from two different network environments. ESD is evaluated over 74 hours of tcpdump packet traces (344 million packets) from a large enclave; PSD is evaluated over 5 hours of tcpdump packet traces (110 million packets) gathered from a peering center. Both surveillance detection modules were executed over the audit data offline to generate surveillance detection alerts, though the systems can also be run in real time. The results show that both ESD and PSD accurately discover large numbers of surveillance activities (including long-lived and distributed scans) and can be tuned to reduce the volume of alerts.