Sciweavers

JSAC
2006

Impact of Packet Sampling on Portscan Detection

13 years 11 months ago
Impact of Packet Sampling on Portscan Detection
Abstract-- Packet sampling is commonly deployed in highspeed backbone routers to minimize resources used for network monitoring. It is known that packet sampling distorts traffic statistics and its impact has been extensively studied for traffic engineering metrics such as flow size and mean rate. However, it is unclear how packet sampling impacts anomaly detection, which has become increasingly critical to network providers. This paper is the first attempt to address this question by focusing on one common class of non-volume based anomalies, portscans, which are associated with worm/virus propagation. Existing portscan detection algorithms fall into two general approaches: targetspecific and traffic profiling. We evaluated representative algorithms for each class, namely (a) TRWSYN that performs stateful traffic analysis, (b) TAPS that tracks connection pattern of scanners, and (c) Entropy-based traffic profiling. We applied these algorithms to detect portscans in both the original a...
Jianning Mai, Ashwin Sridharan, Chen-Nee Chuah, Hu
Added 13 Dec 2010
Updated 13 Dec 2010
Type Journal
Year 2006
Where JSAC
Authors Jianning Mai, Ashwin Sridharan, Chen-Nee Chuah, Hui Zang, Tao Ye
Comments (0)