Detecting Network Scanning Through Monitoring and Manipulation of DNS Traffic

Jafarian, Jafar Haadi; Abolfathi, Masoumeh; Rahimian, Mahsa

doi:10.1109/access.2023.3250106

Cited by 10 publications

(1 citation statement)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Findings discussion 5 [16] Logistic regression to detect PortScan attacks and tested data balancing methods to achieve better results. 6 [17] Suggest a method for identifying internal and external network scanning attacks on business networks. An inline SDS is used in the method to monitor the ingress and egress flows of a corporate network subnet and identify scanning probes by correlating the flows with previous domain name system (DNS) queries, replies, and shortening DNS resource records' TTL values (RR).…”

Section: Appendix Table 1 Related Workmentioning

confidence: 99%

Machine learning-based PortScan attacks detection using OneR classifier

Kareem,

Jawad Kadhim Abood,

Ibrahim

2023

Bulletin EEI

View full text Add to dashboard Cite

PortScan attacks are a common security threat in computer networks, where an attacker systematically scans a range of network ports on a target system to identify potential vulnerabilities. Detecting such attacks in a timely and accurate manner is crucial to ensure network security. Attackers can determine whether a port is open by sending a detective message to it, which helps them find potential vulnerabilities. However, the best methods for spotting and identifying port scanner attacks are those that use machine learning. One of the most dangerous online threats is PortScan attack, according to experts. The research is work on detection while improving detection accuracy. Dataset containing tags from network traffic is used to train machine learning techniques for classification. The JRip algorithm is trained and tested using the CICIDS2017 dataset. As a consequence, the best performance results for JRip-based detection schemes were 99.84%, 99.80%, 99.80%, and 0.09 ms for accuracy, precision, recall, F-score, and detection overhead, respectively. Finally, the comparison with current models demonstrated our model's proficiency and advantage with increased attack discovery speed.

show abstract

Section: Appendix Table 1 Related Workmentioning

confidence: 99%

Machine learning-based PortScan attacks detection using OneR classifier

Kareem,

Jawad Kadhim Abood,

Ibrahim

2023

Bulletin EEI

View full text Add to dashboard Cite

show abstract

Collaborative intrusion detection using weighted ensemble averaging deep neural network for coordinated attack detection in heterogeneous network

Wardana,

Kołaczek,

Warzyński

et al. 2024

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Detecting coordinated attacks in cybersecurity is challenging due to their sophisticated and distributed nature, making traditional Intrusion Detection Systems often ineffective, especially in heterogeneous networks with diverse devices and systems. This research introduces a novel Collaborative Intrusion Detection System (CIDS) using a Weighted Ensemble Averaging Deep Neural Network (WEA-DNN) designed to detect such attacks. The WEA-DNN combines deep learning techniques and ensemble methods to enhance detection capabilities by integrating multiple Deep Neural Network (DNN) models, each trained on different data subsets with varying architectures. Differential Evolution optimizes the model’s contributions by calculating optimal weights, allowing the system to collaboratively analyze network traffic data from diverse sources. Extensive experiments on real-world datasets like CICIDS2017, CSE-CICIDS2018, CICToNIoT, and CICBotIoT show that the CIDS framework achieves an average accuracy of 93.8%, precision of 78.6%, recall of 60.4%, and an F1-score of 62.4%, surpassing traditional ensemble models and matching the performance of local DNN models. This demonstrates the practical benefits of WEA-DNN in improving detection capabilities in real-world heterogeneous network environments, offering superior adaptability and robustness in handling complex attack patterns.

show abstract