Title :
Coordinated Scan Detection Algorithm Based on the Global Characteristics of Time Sequence
Author :
Yanli Lv ; Yuanlong Li ; Shouzhong Tu ; Shuang Xiang ; Chunhe Xia
Author_Institution :
Beijing Key Lab. of Network Technol., Beihang Univ., Beijing, China
Abstract :
Scanning acquires status information regarding target hosts. In networks, attackers often conduct coordinated scans of the target host or network segment because such scans are efficient and stealthy. However, an algorithm that effectively detects coordinated scans has not yet been developed. In this study, we identify a coordinated scan under a single controller during a clustering analysis of the scan sequence. This scan sequence was determined through time sequence, and the clustering analysis was based on the global characteristics of the time sequence. Simulation and test results demonstrated that the proposed algorithm can detect scans more frequently and more accurately than existing algorithms.
Keywords :
computer network security; pattern clustering; clustering analysis; coordinated scan detection algorithm; time sequence characteristics; Algorithm design and analysis; Clustering algorithms; Correlation; Detection algorithms; IP networks; Laboratories; Ports (Computers); clustering analysis; coordinatedtest; global characteristics; scan; scantest;
Conference_Titel :
Broadband and Wireless Computing, Communication and Applications (BWCCA), 2014 Ninth International Conference on
Conference_Location :
Guangdong
Print_ISBN :
978-1-4799-4174-2
DOI :
10.1109/BWCCA.2014.64
