Coordinated Scan Detection Algorithm Based on the Global Characteristics of Time Sequence

Authors: Yanli Lv, Yuanlong Li, Shouzhong Tu, Shuang Xiang, Chunhe Xia

DOI: 10.1109/BWCCA.2014.64

Keywords: Algorithm, Time sequence, Network segment, Host (network), Sequence (medicine), Computer science, Algorithm design, Control theory, Cluster analysis

Abstract: Scanning acquires status information regarding target hosts. In networks, attackers often conduct coordinated scans of the host or network segment because such scans are efficient and stealthy. However, an algorithm that effectively detects coordinated scans has not yet been developed. In this study, we identify a scan under a single controller during clustering analysis sequence. This sequence was determined through time sequence, based on global characteristics. Simulation test results demonstrated that the proposed algorithm can detect more frequently accurately than existing algorithms.
