Sciweavers

ACNS
2006
Springer

Adaptive Detection of Local Scanners

Network attacks often employ scanning to locate vulnerable hosts and services. Fast and accurate detection of local scanners is key to containing an epidemic in its early stage. Existing scan detection schemes use statically determined detection criteria, and as a result do not respond well to traffic perturbations. We present two adaptive scan detection schemes, Success Based (SB) and Failure Based (FB), which change detection criteria based on traffic statistics. We evaluate the proposed schemes analytically and empirically using network traces. Against fast scanners, the adaptive schemes render detection precision similar to the traditional static schemes. For slow scanners, the adaptive schemes are much more effective, both in terms of detection precision and speed. SB and FB have non-linear properties not present in other schemes. These properties permit a lower Sustained Scanning Threshold and a robustness against perturbations in the background traffic.
Ahren Studer, Chenxi Wang
Added 13 Jun 2010
Updated 13 Jun 2010
Type Conference
Year 2006
Where ACNS
Authors Ahren Studer, Chenxi Wang