Title :
Scalable Double Filter Structure for Port Scan Detection
Author :
Kong, Shijin ; He, Tao ; Shao, Xiaoxin ; An, Changqing ; Li, Xing
Author_Institution :
Department of Electronic Engineering, Tsinghua University, Beijing, P.R.China 100084. Email: ksj00@mails.tsinghua.edu.cn
Abstract :
Port scan detection is very important to predict network intrusions and prevent viruses from spreading. Many networks deploy Network Intrusion Detection Systems (NIDS) to detect port scans in real-time. However, most NIDS are per-flow based. They are not scalable on high-speed links since it is infeasible to maintain the states of numerous flows. In this paper, we propose a scalable scheme for real-time port scan detection without keeping any per-flow state. We use a double-filter structure to find out pairs which connect to more than N pairs in T time. The experimental results on real network traces show that our scheme can find out those over-threshold pairs with high accuracy. It is easy to scale our scheme to high-speed environments due to its little memory consumption and fast processing pipeline.
Keywords :
Computer viruses; Electronics packaging; Filters; Internet; Intrusion detection; Maintenance engineering; Monitoring; Pipelines; Real time systems; Viruses (medical);
Conference_Title :
Communications, 2006. ICC '06. IEEE International Conference on
Conference_Location :
Istanbul
Print_ISBN :
1-4244-0355-3
Electronic_ISBN :
8164-9547
DOI :
10.1109/ICC.2006.255093