A Profile-Based Fast Port Scan Detection Method

Bibliographic Details
Published in Computational Collective Intelligence, pp. 401-410
Main Authors Hajdú-Szücs, Katalin; Laki, Sándor; Kiss, Attila
Format Book Chapter
Language English
Published Cham Springer International Publishing
Series Lecture Notes in Computer Science
Summary: Before intruding into a system, attackers need to collect information about the target machine. Port scanning is one of the most popular techniques for that purpose; it enables them to discover services that may be exploited. In this paper we propose an accurate port scan detection method that can detect port scanning attacks earlier and with higher reliability than the widely used Snort-based approaches. Our method is profile-based, meaning that it does not only set a threshold on the connection attempts in a given time interval, like most of the current methods, but builds an IP profile of four features that enables more fine-grained detection. We use the Budapest node of the FIWARE Lab community cloud as a natural honeypot to identify malicious activities in it.
Bibliography: During this work, Dr. Laki was also with Wigner Research Centre for Physics of the Hungarian Academy of Sciences. Dr. Kiss was also with J. Selye University, Komárno, Slovakia.
ISBN: 3319670735
9783319670737
ISSN: 0302-9743
1611-3349
DOI: 10.1007/978-3-319-67074-4_39