Detection of Port and Network Scan Using Time Independent Feature Set

Bibliographic details
Main authors: Baig, Habib Ullah, Kamran, Farrukh
Format: Conference proceeding
Language: English
Description
Summary: Probes or network scans are designed to identify security vulnerabilities of a network and are a precursor to most cyber attacks. Slow, random and distributed attacks are the most difficult to detect. Extensive training over longer packet traces or a larger detection window size can give better results but requires more memory. A model based on a Time Independent Feature Set is proposed here, which can efficiently detect slow and random attacks in real time with reduced memory needs. The proposed model has been tested using the DARPA 99 data set.
DOI:10.1109/ISI.2007.379554