Slow Port Scanning Detection

dc.contributor.author: DAOUD, Amel
dc.date.accessioned: 2018-02-18T12:17:19Z
dc.date.available: 2018-02-18T12:17:19Z
dc.date.issued: 2014
dc.description.abstract: Port scanning represents a sizable portion of today’s internet traffic. An attacker performs port scans of IP addresses to find vulnerable hosts to compromise. Port scanning detection has received a lot of attention from researchers. However, a slow port scan attack can deceive most existing Intrusion Detection Systems (IDS). In this project, we present a new, simple, and efficient method for detecting slow port scans. Our proposed method is mainly composed of two phases: (1) a feature collection phase that analyzes network traffic and extracts the features needed to classify a given IP as malicious or not; (2) a classification phase that divides the IPs, based on the collected features, into two groups: suspicious IPs and scanner IPs. IPs that our approach classifies as suspicious are kept, together with their destination ports, for the next (K) time windows for further examination, to decide whether they represent scanners or legitimate users. A small Local Area Network was put together to test our proposed method. The experiments show the effectiveness of our proposed method in correctly identifying malicious scanners when both normal and slow port scans were performed using the three most common TCP port scanning techniques (TCP SYN, Half connect, FIN). [en_US]
dc.identifier.uri: https://depot.univ-msila.dz/handle/123456789/2882
dc.language.iso: en [en_US]
dc.publisher: UNIVERSITY OF M’SILA - FACULTY OF MATHEMATICS AND INFORMATICS - Department of Computer Science [en_US]
dc.subject: Intrusion Detection System, Port Scanning [en_US]
dc.title: Slow Port Scanning Detection [en_US]
dc.type: Thesis [en_US]

Files

Original bundle

Name: DAOUD Amel.rar
Size: 2.65 MB
Format: Unknown data format

License bundle

Name: license.txt
Size: 1.71 KB
Format: Item-specific license agreed upon to submission
