Improving the detection of on-line vertical port scan in IP traffic

Chabchoub, Yousra; Fricker, Christine; Pierpoint, Robert

doi:10.1109/crisis.2012.6378945

Cited by 4 publications

(3 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It should be better if author explain the approach to detect failed connection and to update consistence port status. Yousra Chabchoub et al [8] presented an algorithm to identify vertical port scanning attack in the IP traffic. Only destination ports information and destination IP addresses is stored using 2D bloom filter.…”

Section: Literature Reviewmentioning

confidence: 99%

A Network Forensic Framework for Port Scan Attack based on Efficient Packet Capturing

Makwana¹,

Tomar²

2019

IJITEE

View full text Add to dashboard Cite

In the last two decades the networks become larger in scale, more complex in structure and more diversified in traffic. Which generate huge amount of network packets such as TCP, UDP and HTTP etc. Log files are repository for captured packets and play a vital role in investigation. However, a significant and obvious limitation of current packet logging is that, data storage volume increases rapidly depending on factors such as network bandwidth and the number of points in the network that need to be tapped. Forensic investigator needs to back up these recorded data to free up recording media and to preserve the data for future analysis. The objective of the proposed work is to build a network forensics framework that precisely scrutinizes only the relevant packets .In this work, a network forensic framework is developed subjected to port scanning attack to mitigate evidence gathering challenges faced by forensic investigator. It captures and processes only fine-grained evidences present in the network traffic stream. Moreover, in the captured relevant log, attack specific discovery is carried out to mine the exact packets utilized to execute the network attack. Hypotheses being developed to validate each machine against attack specific criteria’s. Only those machine who full fill the criteria will be scrutinizes for further analysis. To test and validate the effectiveness of the proposed framework two scenario have been developed, It is observed that developed system preciously securitizes the attack patterns and improved decrement in the log size is observed for both scenario developed that is about 93.12% and 95.65% respectively. It is also observed that only 6.09% and 1.93% of total traffic being scrutinized for NULL, FIN and XMAS attack in scenario 1 and 2 respectively. Similarly 19.88% and 13.42% packets of total packets are scrutinized for TCP Connect and SYN (Half open) scanning variant in scenario 1 and 2 respectively

show abstract

Section: Literature Reviewmentioning

confidence: 99%

A Network Forensic Framework for Port Scan Attack based on Efficient Packet Capturing

Makwana¹,

Tomar²

2019

IJITEE

View full text Add to dashboard Cite

show abstract

“…If a security hole is found, actual attacks will be conducted. Thus it is very important for system administrators and other network defenders to detect port scans as possible preliminaries to a more serious attack [3,4,5,6].…”

Section: Introductionmentioning

confidence: 99%

“…There have been many researches on how to detect port scans [3,4,5,6]. Almost all of them uses threshold values to decide abnormalities.…”

Section: Introductionmentioning

confidence: 99%

A Parameterless Learning Algorithm for Behavior-Based Detection

Wang

Feng

Kawamoto

et al. 2014

2014 Ninth Asia Joint Conference on Information Security

View full text Add to dashboard Cite

The frequency and the extent of damages caused by network attacks have been actually increasing greatly in recent years, although many approaches to avoiding and detecting attacks have been proposed in the community of network security. Thus, how to fast detect actual or potential attacks has become an urgent issue. Among the detection strategies, behavior-based ones, which use normal access patterns learned from reference data (e.g., history traffic) to detect new attacks, have attracted attention from many researchers. In each of all such strategies, a learning algorithm is necessary and plays a key role. Obviously, whether the learning algorithm can extract the normal behavior modes properly or not directly influence the detection result. However, some parameters have to determine in advance in the existing learning algorithms, which is not easy, even not feasible, in many actual applications. For example, even in the newest learning algorithm, which called FHST learning algorithm in this study, two parameters are used and they are difficult to be determined in advance. In this study, we propose a parameterless learning algorithm for the first time, in which no parameters are used. The efficiency of our proposal is verified by experiment. Although the proposed learning algorithm in this study is designed for detecting port scans, it is obviously able to be used to other behavior-based detections.

show abstract

On correlating network traffic for cyber threat intelligence: A Bloom filter approach

Atifi

Bou‐Harb

2017

2017 13th International Wireless Communications and Mobile Computing Conference (IWCMC)

View full text Add to dashboard Cite

Improving the detection of on-line vertical port scan in IP traffic

Cited by 4 publications

References 14 publications

A Network Forensic Framework for Port Scan Attack based on Efficient Packet Capturing

A Network Forensic Framework for Port Scan Attack based on Efficient Packet Capturing

A Parameterless Learning Algorithm for Behavior-Based Detection

On correlating network traffic for cyber threat intelligence: A Bloom filter approach

Contact Info

Product

Resources

About