A Profile-Based Fast Port Scan Detection Method
Published in | Computational Collective Intelligence pp. 401 - 410 |
---|---|
Main Authors | , , |
Format | Book Chapter |
Language | English |
Published | Cham, Springer International Publishing |
Series | Lecture Notes in Computer Science |
Summary: | Before intruding into a system, attackers need to collect information about the target machine. Port scanning is one of the most popular techniques for that purpose; it makes it possible to discover services that may be exploited. In this paper we propose an accurate port scan detection method that can detect port scanning attacks earlier and with higher reliability than the widely used Snort-based approaches. Our method is profile-based, meaning that it does not only set a threshold on the connection attempts in a given time interval, like most of the current methods, but builds an IP profile of four features that enables a more fine-grained detection. We use the Budapest node of the FIWARE Lab community cloud as a natural honeypot to identify malicious activities in it. |
---|---|
Bibliography: | During this work, Dr. Laki was also with Wigner Research Centre for Physics of the Hungarian Academy of Sciences. Dr. Kiss was also with J. Selye University, Komárno, Slovakia. |
ISBN: | 3319670735 9783319670737 |
ISSN: | 0302-9743 1611-3349 |
DOI: | 10.1007/978-3-319-67074-4_39 |