A Double-Filter Structure Based Scheme for Scalable Port Scan Detection

Authors

  • Shijin Kong
  • Tao He
  • Xiaoxin Shao
  • Changqing An
  • Xing Li
Abstract

Port scan detection is very important to predict network intrusions and prevent viruses from spreading. Many networks deploy Network Intrusion Detection Systems (NIDS) to detect port scans in real-time. However, most NIDS are per-flow based. They are not scalable on high speed links since it is infeasible to maintain the states of numerous flows. In this paper, we propose a scalable scheme for real-time port scan detection without keeping any per-flow state. We use a double-filter structure to find out pairs which connect to more than N pairs in T time. The experimental results on real network traces show that our scheme can find out those over-threshold pairs with high accuracy. It is easy to scale our scheme to high speed environments due to its little memory consumption and fast processing pipeline.

Similar resources

Adrisya: a Flow Based Anomaly Detection System for Slow and Fast Scan

Attackers perform port scans to find reachability, liveness and running services in a system or network. Current day scanning tools provide different scanning options and are capable of evading various security tools like firewall, IDS and IPS. So in order to detect and prevent attacks in the early stages, an accurate detection of scanning activity in real time is very much essential. In this paper ...

Analysis of InGaAsP-InP Double Microring Resonator using Signal Flow Graph Method

The buried hetero-structure (BH) InGaAsP-InP waveguide is used for a system of double microring resonators (DMR). The light transmission and location of resonant peaks are determined for six different sets of ring radii with different order mode numbers. The effect of changing middle coupling coefficient on the box like response is studied. It is found that the surge of coupling coefficient to the ...

Dynamic configuration and collaborative scheduling in supply chains based on scalable multi-agent architecture

Due to diversified and frequently changing demands from customers, technological advances and global competition, manufacturers rely on collaboration with their business partners to share costs, risks and expertise. How to take advantage of advancement of technologies to effectively support operations and create competitive advantage is critical for manufacturers to survive. To respond to these...

Double voter perceptible blind signature based electronic voting protocol

Mu et al. have proposed an electronic voting protocol and claimed that it protects anonymity of voters, detects double voting and authenticates eligible voters. It has been shown that it does not protect voter's privacy and prevent double voting. After that, several schemes have been presented to fulfill these properties. However, many of them suffer from the same weaknesses. In this p...

Plasmonic Adder/Subtractor Module Based on a Ring Resonator Filter

A four port network adder-subtractor module, for surface plasmon polariton (SPP) waves based on a ring resonator filter is proposed. The functionality of module is achieved by the phase difference manipulation of guided SPPs through different arms connected to the ring resonator. The module is designed using the concepts of a basic two-port device proposed in this paper. It is shown that two po...

Publication date: 2006