• DocumentCode
    2012087
  • Title

    DynamicWEB: A Method for Reconnaissance Activity Profiling

  • Author

    Scanlan, Joel ; Hartnett, Jacky ; Williams, Raymond

  • Author_Institution
    Sch. of Comput. & Inf. Syst., Univ. of Tasmania, Hobart, TAS
  • fYear
    2008
  • fDate
    10-12 Dec. 2008
  • Firstpage
    725
  • Lastpage
    736
  • Abstract
    Port scan correlation aims to differentiate between benign and malicious scans. In this paper we will examine a new method of profiling port scan activity in an attempt to link different source IP addresses to being the same end user. A data mining approach DynamicWEB based upon the COBWEB conceptual clustering algorithm is shown along with some preliminary results of it functioning within the context of scan correlation.
  • Keywords
    Internet; data mining; COBWEB conceptual clustering algorithm; DynamicWEB; port scan correlation; reconnaissance activity profiling; Computer crime; Computer hacking; Computer networks; Concurrent computing; Distributed computing; IP networks; Information systems; Internet; Operating systems; Reconnaissance; Data Mining; Detection Profiling; Port Scans;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Parallel and Distributed Processing with Applications, 2008. ISPA '08. International Symposium on
  • Conference_Location
    Sydney, NSW
  • Print_ISBN
    978-0-7695-3471-8
  • Type

    conf

  • DOI
    10.1109/ISPA.2008.102
  • Filename
    4725219
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2012087