• DocumentCode
    233126
  • Title

    Coordinated Scan Detection Algorithm Based on the Global Characteristics of Time Sequence

  • Author

    Yanli Lv ; Yuanlong Li ; Shouzhong Tu ; Shuang Xiang ; Chunhe Xia

  • Author_Institution
    Beijing Key Lab. of Network Technol., Beihang Univ., Beijing, China
  • fYear
    2014
  • fDate
    8-10 Nov. 2014
  • Firstpage
    199
  • Lastpage
    206
  • Abstract
    Scanning acquires status information regarding target hosts. In networks, attackers often conduct coordinated scans of the target host or network segment because such scans are efficient and stealthy. However, an algorithm that effectively detects coordinated scans has not yet been developed. In this study, we identify a coordinated scan under a single controller during a clustering analysis of the scan sequence. This scan sequence was determined through time sequence, and the clustering analysis was based on the global characteristics of the time sequence. Simulation and test results demonstrated that the proposed algorithm can detect scans more frequently and more accurately than existing algorithms.
  • Keywords
    computer network security; pattern clustering; clustering analysis; coordinated scan detection algorithm; time sequence characteristics; Algorithm design and analysis; Clustering algorithms; Correlation; Detection algorithms; IP networks; Laboratories; Ports (Computers); clustering analysis; coordinatedtest; global characteristics; scan; scantest;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Broadband and Wireless Computing, Communication and Applications (BWCCA), 2014 Ninth International Conference on
  • Conference_Location
    Guangdong
  • Print_ISBN
    978-1-4799-4174-2
  • Type

    conf

  • DOI
    10.1109/BWCCA.2014.64
  • Filename
    7016068
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=233126