Sciweavers

IPCCC
2006
IEEE

Connectionless port scan detection on the backbone

14 years 6 months ago
Connectionless port scan detection on the backbone
Considerable research has been done on detecting and blocking portscan activities that are typically conducted by infected hosts to discover other vulnerable hosts. However, the focus has been on enterprise gateway-level Intrusion Detection Systems where the traffic volume is low and network configuration information is readily available. This paper investigates the effectiveness of existing portscan detection algorithms in the context of a large transit backbone network and proposes a new algorithm that meets the demands of aggregated high speed backbone traffic. Specifically, we evaluate two existing approaches - the portscan detection algorithm in SNORT [8], and a modified version of the TRW algorithm [6] that is a part of the intrusion detection tool BRO [12]. We then propose a new approach, TAPS, which uses sequential hypothesis testing to detect hosts that exhibit abnormal access patterns in terms of destination hosts and destination ports. We perform a comparative analysis ...
Avinash Sridharan, Tao Ye, Supratik Bhattacharyya
Added 11 Jun 2010
Updated 11 Jun 2010
Type Conference
Year 2006
Where IPCCC
Authors Avinash Sridharan, Tao Ye, Supratik Bhattacharyya
Comments (0)