Feature Selection From Traffic Analysis For Computer Network Backdoor Detection
Attacks on computer networks happen every day, but many go undetected. Not all attacks succeed, but the ones that do often leave so-called "back doors" behind that allow the attackers to easily regain access to the computer network without having to attack it further. This project focuses on the use of mathematics and statistics to identify which features of network traffic (the data flowing on the wire between a computer network and the rest of the internet) can be used to determine whether an unauthorized back door is present in a computer network. Determining these features is essential to detecting the presence of a back door, because the detection methods currently in place require knowledge of what to look for before they can find it. TRTech, an industry R&D consortium, is sponsoring this project. The results will also be used to further improve the detection capabilities of the network monitoring service offered by Seccuris, Canada's leading information assurance provider and a member of TRTech.