Title :
Orthogonal Expansion of Port-scanning Packets
Author :
Kikuchi, Hiroaki ; Kobori, Tomohiro ; Terada, Masato
Author_Institution :
Sch. of Inf. & Telecommun. Eng., Tokai Univ., Hiratsuka, Japan
Abstract :
Observation of port-scan packets sent over the Internet involves many parameters, including time, port numbers, and source and destination addresses. There are some common port numbers that many malicious codes are likely to scan, but the relationship between port numbers and the malicious codes is not clearly identified. In this paper, we propose a new attempt to figure out the characteristics of port-scans observed from many distributed sensors. Our method allows (1) analysis of sensors with a few significant factors extracted from an orthogonal expansion of port-scan packets, rather than taking care of all possible statistics of port numbers, (2) compression of packet data, computed by a linear combination of a limited number of orthogonal factors, and (3) approximation of the number of scanning packets at an arbitrarily specified sensor and ports, made from the statistical correlation between port numbers. We also evaluate the accuracy of our proposed approximation algorithm based on actually observed packets.
Keywords :
Internet; data compression; distributed sensors; security of data; approximation algorithm; orthogonal factors; packet data compression; port-scanning packets; Approximation algorithms; Data mining; Electronic mail; Information systems; Principal component analysis; Sensor phenomena and characterization; Statistical analysis; Statistical distributions; Telecommunication traffic; PCA; port-scan
Conference_Title :
Network-Based Information Systems, 2009. NBIS '09. International Conference on
Conference_Location :
Indianapolis, IN
Print_ISBN :
978-1-4244-4746-6
Electronic_ISBN :
978-0-7695-3767-2
DOI :
10.1109/NBiS.2009.82