A Behavior-based Method for Detecting Distributed Scan Attacks in Darknets
Abstract
The technologies used by attackers in the Internet environment are becoming more and more sophisticated. Of the many kinds of attacks, distributed scan attacks have become one of the most serious problems. In this study, we propose a novel method based on normal behavior modes of traffic to detect distributed scan attacks in darknet environments. In our proposed method, all the possible destination TCP and UDP ports are monitored, and when a port is attacked by a distributed scan, an alert is given. Moreover, the alert can have several levels reflecting the relative scale of the attack. To accelerate learning and updating the normal behavior modes and to realize rapid detection, an index is introduced, which is proved to be very efficient. The efficiency of our proposal is verified using real darknet traffic data. Although our proposal focuses on darknets, the idea can also be applied to ordinary networks.
Authors
- Feng Yaokai (Graduate School Of Information Science And Electrical Engineering Department Of Intelligent Systems)
- SAKURAI Kouichi (Graduate School of Information Science and Electrical Engineering, Kyushu University)
- HORI Yoshiaki (Graduate School of Information Science and Electrical Engineering, Kyushu University)
- Hori Yoshiaki (Graduate School Of Information Science And Electrical Engineering Kyushu University)
- Sakurai Kouichi (Graduate School Of Information And Electrical Engineering Kyushu University)
- Takeuchi Jun'ichi (Graduate School of Information Science and Electrical Engineering, Kyushu University)
Related papers
- A study on worms using search engine to spread (Information and Communication System Security)
- Towards Range Queries with Partial Dimensions in OLAP Applications (Summer Database Workshop DBWS2004)
- Towards QPD: Queries with Partial Dimensions (Summer Database Workshop (DBWS2004))
- On Distributed Cryptographic Protocols for Threshold RSA Signing and Decrypting with No Dealer (Special Section on Discrete Mathematics and Its Applications)
- Batch-Incremental Nearest Neighbor Search Algorithm and Its Performance Evaluation(Databases)
- L-032 Integrity for the In-flight Web Page Using Fragile Watermarking
- Toward a Scalable Visualization System for Network Traffic Monitoring
- A Practical Off-Line Digital Money System with Partially Blind Signatures Based on the Discrete Logarithm Problem(Special Section on Cryptography and Information Security)
- A Behavior-based Method for Detecting Distributed Scan Attacks in Darknets