Detecting network intrusions via a statistical analysis of network packet characteristics

Cited by: 29
Authors
Bykova, M [1 ]
Ostermann, S [1 ]
Tjaden, B [1 ]
Affiliations
[1] Ohio Univ, Sch Elect Engn & Comp Sci, Athens, OH 45701 USA
Source
PROCEEDINGS OF THE 33RD SOUTHEASTERN SYMPOSIUM ON SYSTEM THEORY | 2001
Keywords
Intrusion Detection System; suspicious activity; IP; TCP; packet analysis; packet header analysis; network monitoring;
DOI
10.1109/SSST.2001.918537
Chinese Library Classification
TP [Automation technology, computer technology];
Discipline code
0812 ;
Abstract
With the growing threat of abuse of network resources, it becomes increasingly important to be able to detect malformed packets on a network and estimate the damage they can cause. Carefully constructed, certain types of packets can cause a victim host to crash, while other packets may be sent only to gather necessary information about hosts and networks and can be viewed as a prelude to attack. In this paper we collect and analyze all of the IP and TCP packets seen on a network that either violate existing standards or should not appear in modern internets. Our goal is to determine what these suspicious packets mean and evaluate what proportion of such packets can cause actual damage. Thus, we divide the unusual packets obtained during our experiments into several categories depending on the severity of their consequences, including indirect consequences as a result of information gathering, and show the results. The traces analyzed were gathered at Ohio University's main Internet link, providing a massive amount of statistical data.
Pages: 309 / 314
Page count: 6