• DocumentCode
    2631977
  • Title

    Orthogonal Expansion of Port-scanning Packets

  • Author

    Kikuchi, Hiroaki ; Kobori, Tomohiro ; Terada, Masato

  • Author_Institution
    Sch. of Inf. & Telecommun. Eng., Tokai Univ., Hiratsuka, Japan
  • fYear
    2009
  • fDate
    19-21 Aug. 2009
  • Firstpage
    321
  • Lastpage
    326
  • Abstract
    Observation of port-scan packets over the Internet involves many parameters, including time, port numbers, and source and destination addresses. There are some common port numbers that many malicious codes are likely to scan, but the relationship between port numbers and the malicious codes is not clearly identified. In this paper, we propose a new attempt to figure out the characteristics of port-scans observed from many distributed sensors. Our method allows (1) analysis of sensors with a few significant factors extracted from an orthogonal expansion of port-scan packets, rather than taking care of all possible statistics of port numbers, (2) compression of packet data, computed by a linear combination of a limited number of orthogonal factors, and (3) approximation of the number of scanning packets at an arbitrarily specified sensor and ports, made from the statistical correlation between port numbers. We also evaluate the accuracy of our proposed approximation algorithm based on actually observed packets.
  • Keywords
    Internet; data compression; distributed sensors; security of data; approximation algorithm; orthogonal factors; packet data compression; port-scanning packets; Approximation algorithms; Data mining; Electronic mail; Information systems; Principal component analysis; Sensor phenomena and characterization; Statistical analysis; Statistical distributions; Telecommunication traffic; PCA; port-scan
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Network-Based Information Systems, 2009. NBIS '09. International Conference on
  • Conference_Location
    Indianapolis, IN
  • Print_ISBN
    978-1-4244-4746-6
  • Electronic_ISBN
    978-0-7695-3767-2
  • Type

    conf

  • DOI
    10.1109/NBiS.2009.82
  • Filename
    5349884