Title :
Automated detection of malicious reconnaissance to enhance network security
Author :
Allen, William H. ; Marin, Gerald A. ; Rivera, Luis A.
Author_Institution :
Dept. of Comput. Sci., Florida Inst. of Technol., Melbourne, FL, USA
Abstract :
Anomaly detection tools currently react to directed attacks during or shortly after they have occurred. Unfortunately, an attack that is detected after it has occurred is, in essence, a successful one. Advance warning of potential attacks could aid in their detection. Before an attack is launched the attacker often performs reconnaissance on the target host or network to learn its vulnerabilities. If malicious network reconnaissance can be detected and identified, it can serve as a warning of future attacks and may provide clues as to the identity of the attacker. This paper presents a novel technique for the automated detection of malicious network reconnaissance in a live network.
Keywords :
Internet; computer network management; invasive software; telecommunication security; advance warning; anomaly detection tools; automated detection; malicious reconnaissance; network security; Computer science; Intrusion detection; Marine technology; Monitoring; Network topology; Pattern matching; Protocols; Reconnaissance; Software testing; Telecommunication traffic;
Conference_Title :
SoutheastCon, 2005. Proceedings. IEEE
Print_ISBN :
0-7803-8865-8
DOI :
10.1109/SECON.2005.1423286