| 题名: | an access-context based method to detect network scanning event in lan |
| 作者: | Wu Di
; Yin Ying
; Chen Xiao-Hua
; Bu Ning
|
| 会议文集: | Proceedings of the 2009 International Conference on Machine Learning and Cybernetics
|
| 会议名称: | International Conference on Machine Learning and Cybernetics
|
| 会议日期: | JUL 12-15,
|
| 出版日期: | 2009
|
| 会议地点: | Baoding, PEOPLES R CHINA
|
| 关键词: | Network security
; network monitoring
; network scanning
; intrusion detection
|
| 出版者: | PROCEEDINGS OF 2009 INTERNATIONAL CONFERENCE ON MACHINE LEARNING AND CYBERNETICS, VOLS 1-6
|
| 出版地: | 345 E 47TH ST, NEW YORK, NY 10017 USA
|
| ISBN: | 978-1-4244-4705-3
|
| 部门归属: | Wu, Di Chinese Acad Sci, Inst Software, State Key Lab Informat Secur, Beijing 100080, Peoples R China.
|
| 主办者: | Hebei Univ, IEEE Syst, Man & Cybernet Soc, Chongqing Univ, S China Univ Technol, Honk Kong Baptist Univ, Hebei Univ Sci & Technol
|
| 英文摘要: | Usually there are leading DNS resolution operations in normal network access scenarios and at the same time the relative connection success ratio is very high; but there is no leading DNS resolution operation in network scanning scenarios and the relative connection success ratio is very low. For convenience in this paper we named the network access connection attempt without leading DNS resolution operation as Suspicious Network Access (SNA). A network scanning detection approach is proposed in this paper by the analysis of SNAs response ratio and the randomness of their target IP addresses for each host in LAN. Since the proposed approach only takes the SNAs into account and the interference from normal network access can be decreased effectively, it can detect network scanning attacks with high accuracy and efficiency. The experiment results in simulation network scenario showed that the proposed approach support the detection of TCP-SYN and ICMP type network scanning attacks and also support the detection of stealth network scanning attacks as well. |
| 内容类型: | 会议论文
|
| URI标识: | http://ir.iscas.ac.cn/handle/311060/8200
|
| Appears in Collections: | 信息安全国家重点实验室_会议论文
|
|
There are no files associated with this item.
|
| Recommended Citation: | |
Wu Di,Yin Ying,Chen Xiao-Hua,et al. an access-context based method to detect network scanning event in lan[C]. 见:International Conference on Machine Learning and Cybernetics. Baoding, PEOPLES R CHINA. JUL 12-15,.
|
|
|
