DocumentCode :
2486699
Title :
Improving the detection of on-line vertical port scan in IP traffic
Author :
Chabchoub, Yousra ; Fricker, Christine ; Robert, Philippe
Author_Institution :
ISEP, Paris, France
fYear :
2012
fDate :
10-12 Oct. 2012
Firstpage :
1
Lastpage :
6
Abstract :
We propose in this paper an on-line algorithm based on Bloom filters to detect port scan attacks in IP traffic. Only relevant information about destination IP addresses and destination ports is stored in two steps in a two-dimensional Bloom filter. This algorithm can be indefinitely performed on a real traffic stream thanks to a new adaptive refreshing scheme that closely follows traffic variations. It is a scalable algorithm able to deal with IP traffic at a very high bit rate thanks to the use of hashing functions over a sliding window. Moreover, it does not need any a priori knowledge about traffic characteristics. When tested against real IP traffic, the proposed on-line algorithm performs well in the sense that it detects all the port scan attacks within a very short response time of only 10 seconds without any false positives.
Keywords :
IP networks; Internet; computer network security; data structures; telecommunication traffic; IP traffic; Internet measurements; destination IP addresses; destination ports; hashing functions; online vertical port scan detection algorithm; port scan attack detection; sliding window; two-dimensional Bloom filter; Algorithm design and analysis; Context; IP networks; Internet; Manganese; Radiation detectors; Attack detection; Bloom filter; Internet measurements; On-line algorithms;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Risk and Security of Internet and Systems (CRiSIS), 2012 7th International Conference on
Conference_Location :
Cork
Print_ISBN :
978-1-4673-3087-9
Electronic_ISBN :
978-1-4673-3088-6
Type :
conf
DOI :
10.1109/CRISIS.2012.6378945
Filename :
6378945