Title :
Detection of Port and Network Scan Using Time Independent Feature Set
Author :
Baig, Habib Ullah ; Kamran, Farrukh
Author_Institution :
Center for Adv. Studies in Eng., Islamabad
Abstract :
Probes or network scans are designed to identify security vulnerabilities of a network and are precursor to most of the cyber attacks. Slow, random and distributed attacks are the most difficult to detect. Extensive training over longer packet traces or larger detection window size can give better results but requires larger memory. A model based on Time Independent Feature Set is proposed here, which can efficiently detect slow and random attacks in real time with reduce memory needs. The proposed model has been tested using DARPA 99 data set.
Keywords :
Internet; computer crime; probability; telecommunication network reliability; telecommunication security; DDoS attacks; Internet; cyber attacks; distributed attacks; network scan detection; port scan detection; probability; random attack detection; security vulnerability identification; slow attack detection; time independent feature set; Computer aided software engineering; Computer security; Data security; Design engineering; IP networks; Intrusion detection; Network servers; Probes; Reconnaissance; Web server;
Conference_Titel :
Intelligence and Security Informatics, 2007 IEEE
Conference_Location :
New Brunswick, NJ
Electronic_ISBN :
1-4244-1329-X
DOI :
10.1109/ISI.2007.379554
