  • DocumentCode
    1914018
  • Title
    A probabilistic approach to detecting network scans
  • Author
    Leckie, C.; Kotagiri, R.
  • Author_Institution
    Dept. of Electr. & Electron. Eng., Melbourne Univ., Parkville, Vic., Australia
  • fYear
    2002
  • fDate
    2002
  • Firstpage
    359
  • Lastpage
    372
  • Abstract
    This paper presents a probabilistic approach for detecting network scans in real-time. Unlike previous approaches, our model takes into consideration both the number of destinations or ports accessed by a source, as well as how unusual these accesses are. We demonstrate the effectiveness of our approach in terms of accuracy and throughput, based on an analysis of the unusual sources that were found in real-life packet trace files.
  • Keywords
    packet switching; probability; security of data; telecommunication network management; accuracy; anomaly detection; probabilistic detection algorithm; real-life packet trace files; real-time network scans detection; security management; signature detection; throughput; Intelligent networks; Intrusion detection; Network topology; Operating systems; Performance analysis; Security; Software systems; Telecommunication traffic; Throughput; Traffic control
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Network Operations and Management Symposium, 2002. NOMS 2002. 2002 IEEE/IFIP
  • Print_ISBN
    0-7803-7382-0
  • Type
    conf
  • DOI
    10.1109/NOMS.2002.1015594
  • Filename
    1015594