Detecting and tracing illegal access by using traffic pattern matching technique

Illegal access on the Internet has become a serious problem in recent years. Because illegal access aimed at the network itself significantly affects the entire network, there is an urgent need to establish countermeasures. Observing network traffic is considered an effective means of detecting this type of illegal access. However, illegal access of the kind represented by a DoS (Denial of Service) attack presents two problems: the attacker can alter (spoof) the packet source address, and acquiring and analyzing packet information has become difficult as network speeds increase. Therefore, there is an urgent need for a reliable, low-impact observation technique and for a technique that enables attackers to be traced in future high-speed network environments. In this paper, the authors propose an algorithm for detecting illegal access by extracting and comparing changes in traffic patterns, and show that illegal access can be detected and traced by applying this algorithm. © 2003 Wiley Periodicals, Inc. Electron Comm Jpn Pt 1, 87(1): 61–71, 2004; Published online in Wiley InterScience (www.interscience.wiley.com). DOI 10.1002/ecja.10014
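The abstract only states the idea (detect by extracting and comparing changes in traffic patterns rather than trusting spoofable source addresses, and trace by comparing those changes across observation points). The following toy detector and tracer is an added illustration of that idea, not the paper's algorithm: the baseline length, the change threshold, the cosine-similarity rule and the observation-point names and counts are all constructed assumptions.

```python
"""Toy traffic-pattern-change detector and tracer.  Added illustration only:
the abstract names the idea (compare changes in traffic patterns, not source
addresses), so the baseline length, threshold and similarity rule are assumptions."""
from statistics import mean

BASELINE_INTERVALS = 4  # assumed: the first 4 intervals are attack-free

def change_pattern(counts):
    """Interval-to-interval change in packet count, scaled by the baseline mean.
    Working on changes rather than on per-source counters means a spoofed
    source address carries no weight in the decision."""
    base = mean(counts[:BASELINE_INTERVALS]) or 1.0
    return [(counts[i] - counts[i - 1]) / base for i in range(1, len(counts))]

def detect(counts, threshold=2.0):
    """Intervals whose upward change exceeds `threshold` x the baseline mean
    (constructed rule).  Returns interval indices, e.g. [4]."""
    return [i + 1 for i, v in enumerate(change_pattern(counts)) if v > threshold]

def similarity(a, b):
    """Cosine similarity of two change patterns of equal length."""
    dot = sum(x * y for x, y in zip(a, b))
    na = sum(x * x for x in a) ** 0.5
    nb = sum(y * y for y in b) ** 0.5
    return dot / (na * nb) if na and nb else 0.0

def trace(observations, victim_point, min_similarity=0.9):
    """Upstream observation points whose change pattern matches the pattern
    seen at `victim_point`; these mark the path along which the surge travelled."""
    target = change_pattern(observations[victim_point])
    matches = [(name, round(similarity(target, change_pattern(c)), 3))
               for name, c in observations.items() if name != victim_point]
    return sorted([m for m in matches if m[1] >= min_similarity],
                  key=lambda m: -m[1])

# Constructed sample: packets per 1 s interval at three observation points.
OBSERVATIONS = {
    "victim_link": [100, 102, 98, 101, 900, 950, 920, 910],
    "upstream_A":  [50, 52, 49, 51, 850, 900, 870, 860],   # carries the flood
    "upstream_B":  [60, 58, 61, 59, 62, 60, 61, 63],       # unaffected
}

if __name__ == "__main__":
    print("suspect intervals:", detect(OBSERVATIONS["victim_link"]))
    print("matching upstream points:", trace(OBSERVATIONS, "victim_link"))
```

Because the comparison is between normalised change patterns, the match holds even though the upstream link carries far fewer packets in absolute terms than the victim link.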
