Improving the Detection of On-Line Vertical Port Scan in IP Traffic

Christine Fricker; Philippe Robert; Yousra Chabchoub

首页> 外文期刊>International journal of secure software engineering >Improving the Detection of On-Line Vertical Port Scan in IP Traffic

【24h】

Improving the Detection of On-Line Vertical Port Scan in IP Traffic

机译：改善IP流量中在线垂直端口扫描的检测

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

The authors propose in this paper an on-line algorithm based on Bloom filters to detect port scan attacks in IP traffic. Only relevant information about destination IP addresses and destination ports are stored in two steps in a two-dimensional Bloom filter. This algorithm can be indefinitely performed on a real traffic stream thanks to a new adaptive refreshing scheme that closely follows traffic variations. It is a scalable algorithm able to deal with IP traffic at a very high bit rate thanks to the use of hashing functions over a sliding window. Moreover it does not need any a priori knowledge about traffic characteristics. When tested against real IP traffic, the proposed on-line algorithm performs well in the sense that it detects all the port scan attacks within a very short response time of only 10 seconds without any false positive.

机译：作者在本文中提出了一种基于Bloom过滤器的在线算法来检测IP流量中的端口扫描攻击。在二维布隆过滤器中，只有有关目标IP地址和目标端口的相关信息才分两步存储。得益于紧随流量变化的新型自适应刷新方案，该算法可以无限期地在实际流量上执行。由于在滑动窗口上使用了哈希函数，它是一种可扩展的算法，能够以很高的比特率处理IP流量。此外，它不需要有关交通特征的任何先验知识。当针对实际IP流量进行测试时，建议的在线算法在以下方面表现良好：它可以在仅10秒的非常短的响应时间内检测到所有端口扫描攻击，而不会出现误报。

著录项

来源
《International journal of secure software engineering》 |2014年第1期|61-74|共14页
作者
Christine Fricker; Philippe Robert; Yousra Chabchoub;
展开▼
作者单位

INRIA, Le Chesnay, France;

INRIA, Le Chesnay, France;

ISEP, Paris, France;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类
关键词
Attack Detection; Bloom Filter; IP Traffic; Internet Measurements; On-Line Algorithms;

机译：攻击检测;布隆过滤器;IP流量;互联网测量;在线算法;

相似文献

外文文献
中文文献
专利

1. Fuzzy IDS as a service on the cloud for malicious TCP port scanning traffic detection [J] . Saidi Firas, Trabelsi Zouheir, Ben Ghazela Henda Intelligent decision technologies . 2020,第2期

机译：模糊IDS作为恶意TCP端口扫描流量检测的云上的服务
2. Pipeline Scanning Architecture for Traffic Sign Detection with Computation Reduction [J] . Anh-Tuan HOANG, Masaharu YAMAMOTO, Mutsumi OMORI, 電子情報通信学会技術研究報告. コンピュ-タシステム. Computer Systems . 2013,第282期

机译：减少计算的交通标志检测管道扫描架构
3. How can sliding HyperLogLog and EWMA detect port scan attacks in IP traffic? [J] . Yousra Chabchoub, Raja Chiky, Betul Dogan EURASIP journal on information security . 2014,第1期

机译：如何滑动超级历高和EWMA检测IP流量的端口扫描攻击？
4. Improving the detection of on-line vertical port scan in IP traffic [C] . Chabchoub Yousra, Fricker Christine, Robert Philippe Seventh International Conference on Risks and Security of Internet and Systems. . 2012

机译：改善IP流量中在线垂直端口扫描的检测
5. Improved vertical scanning interferometry. [D] . Harasaki, Akiko. 2000

机译：改进的垂直扫描干涉仪。
6. Detection of slow port scans in flow-based network traffic [O] . Markus Ring, Dieter Landes, Andreas Hotho 2012

机译：在基于流的网络流量中检测慢速端口扫描
7. Improving the Detection of On-Line Vertical Port Scan in IP Traffic [O] . Christine Fricker, Philippe Robert, Yousra Chabchoub 2014

机译：在IP流量中提高在线垂直端口扫描的检测
8. Self port scanning tool : providing a more secure computing Environment through the use of proactive port scanning [R] . Kocher, Joshua E, Gilliam, David P. 2005

机译：自身端口扫描工具：通过使用主动端口扫描提供更安全的计算环境

Improving the Detection of On-Line Vertical Port Scan in IP Traffic

摘要

著录项

相似文献

相关主题

期刊订阅