Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
IPCCC
2006
IEEE
2006
IEEE
Connectionless port scan detection on the backbone
Considerable research has been done on detecting and blocking portscan activities that are typically conducted by infected hosts to discover other vulnerable hosts. However, the focus has been on enterprise gateway-level Intrusion Detection Systems where the traffic volume is low and network configuration information is readily available. This paper investigates the effectiveness of existing portscan detection algorithms in the context of a large transit backbone network and proposes a new algorithm that meets the demands of aggregated high speed backbone traffic. Specifically, we evaluate two existing approaches - the portscan detection algorithm in SNORT [8], and a modified version of the TRW algorithm [6] that is a part of the intrusion detection tool BRO [12]. We then propose a new approach, TAPS, which uses sequential hypothesis testing to detect hosts that exhibit abnormal access patterns in terms of destination hosts and destination ports. We perform a comparative analysis ...
Real-time Traffic| Added | 11 Jun 2010 |
| Updated | 11 Jun 2010 |
| Type | Conference |
| Year | 2006 |
| Where | IPCCC |
| Authors | Avinash Sridharan, Tao Ye, Supratik Bhattacharyya |
Comments (0)
Researcher Info
|
