Surveying Port Scans and Their Detection Methodologies

Surveying Port Scans and Their Detection Methodologies

Scanning of ports on a computer occurs frequently on the Internet. An attacker performs port scans of Internet protocol addresses to find vulnerable hosts to compromise. However, it is also useful for system administrators and other network defenders to detect port scans as possible preliminaries to...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Computer journal 2011-10, Vol.54 (10), p.1565-1581
Hauptverfasser: Bhuyan, Monowar H., Bhattacharyya, D.K., Kalita, J.K.
Format: Artikel
Sprache:eng
Schlagworte:
Cybersecurity
Internet
Internet Protocol
IP (Internet Protocol)
Networks
Ports
Recognition
Scanning
Software
Tasks
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Scanning of ports on a computer occurs frequently on the Internet. An attacker performs port scans of Internet protocol addresses to find vulnerable hosts to compromise. However, it is also useful for system administrators and other network defenders to detect port scans as possible preliminaries to more serious attacks. It is a very difficult task to recognize instances of malicious port scanning. In general, a port scan may be an instance of a scan by attackers or an instance of a scan by network defenders. In this survey, we present research and development trends in this area. Our presentation includes a discussion of common port scan attacks. We provide a comparison of port scan methods based on type, mode of detection, mechanism used for detection and other characteristics. This survey also reports on the available data sets and evaluation criteria for port scan detection approaches.
ISSN:0010-4620
1460-2067
DOI:10.1093/comjnl/bxr035