DocumentCode :
3436474
Title :
Research for scan detection algorithm of high-speed links based on honeypot
Author :
Wang, Xinliang ; Liu, Fang ; Chen, Luying ; Lei, Zhenming
Author_Institution :
Sch. of Inf. & Commun. Eng., Beijing Univ. of Posts & Telecommun., Beijing, China
fYear :
2010
fDate :
24-26 Sept. 2010
Firstpage :
66
Lastpage :
70
Abstract :
To effectively detect scan attacks on high-speed links, this paper improves the commonly used scan detection algorithm TRW (Threshold Random Walk) based on a honeypot, and analyzes its performance in detail. The analysis shows that the improved algorithm identifies the scan source faster and can perform real-time detection of scans on high-speed links. Meanwhile, on the basis of selective system sample, this paper focuses on analyzing the anomaly detection accuracy of three scan detection algorithms: Snort, TRW, and TRWHP (Threshold Random Walk Based on Honeypot). The experimental results show that, at the same sampling ratio, the false positive rates of the TRWHP and TRW algorithms are almost the same; however, the false negative rate of the TRWHP algorithm improves remarkably, giving better detection performance.
Keywords :
computer network security; telecommunication links; Snort; TRW algorithm; TRWHP algorithm; anomaly detection accuracy; detection performance; false negative rate; high-speed link scan; high-speed links; honeypot; real-time detection; scan attack; scan detection algorithms; selective system sample; threshold random walk; Accuracy; Algorithm design and analysis; Detection algorithms; IP networks; Probability; Security; Testing; Sample; Scan; TRW; TRWHP;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Network Infrastructure and Digital Content, 2010 2nd IEEE International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4244-6851-5
Type :
conf
DOI :
10.1109/ICNIDC.2010.5657900
Filename :
5657900