中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 信息安全国家重点实验室  > 会议论文
Title:
an access-context based method to detect network scanning event in lan
Author: Wu Di ; Yin Ying ; Chen Xiao-Hua ; Bu Ning
Source: Proceedings of the 2009 International Conference on Machine Learning and Cybernetics
Conference Name: International Conference on Machine Learning and Cybernetics
Conference Date: JUL 12-15,
Issued Date: 2009
Conference Place: Baoding, PEOPLES R CHINA
Keyword: Network security ; network monitoring ; network scanning ; intrusion detection
Publisher: PROCEEDINGS OF 2009 INTERNATIONAL CONFERENCE ON MACHINE LEARNING AND CYBERNETICS, VOLS 1-6
Publish Place: 345 E 47TH ST, NEW YORK, NY 10017 USA
ISBN: 978-1-4244-4705-3
Department: Wu, Di Chinese Acad Sci, Inst Software, State Key Lab Informat Secur, Beijing 100080, Peoples R China.
Sponsorship: Hebei Univ, IEEE Syst, Man & Cybernet Soc, Chongqing Univ, S China Univ Technol, Honk Kong Baptist Univ, Hebei Univ Sci & Technol
English Abstract: Usually there are leading DNS resolution operations in normal network access scenarios and at the same time the relative connection success ratio is very high; but there is no leading DNS resolution operation in network scanning scenarios and the relative connection success ratio is very low. For convenience in this paper we named the network access connection attempt without leading DNS resolution operation as Suspicious Network Access (SNA). A network scanning detection approach is proposed in this paper by the analysis of SNAs response ratio and the randomness of their target IP addresses for each host in LAN. Since the proposed approach only takes the SNAs into account and the interference from normal network access can be decreased effectively, it can detect network scanning attacks with high accuracy and efficiency. The experiment results in simulation network scenario showed that the proposed approach support the detection of TCP-SYN and ICMP type network scanning attacks and also support the detection of stealth network scanning attacks as well.
Content Type: 会议论文
URI: http://ir.iscas.ac.cn/handle/311060/8200
Appears in Collections:信息安全国家重点实验室_会议论文

Files in This Item:

There are no files associated with this item.


Recommended Citation:
Wu Di,Yin Ying,Chen Xiao-Hua,et al. an access-context based method to detect network scanning event in lan[C]. 见:International Conference on Machine Learning and Cybernetics. Baoding, PEOPLES R CHINA. JUL 12-15,.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[Wu Di]'s Articles
[Yin Ying]'s Articles
[Chen Xiao-Hua]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[Wu Di]‘s Articles
[Yin Ying]‘s Articles
[Chen Xiao-Hua]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2019  中国科学院软件研究所 - Feedback
Powered by CSpace