中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 信息安全国家重点实验室  > 会议论文
题名:
an access-context based method to detect network scanning event in lan
作者: Wu Di ; Yin Ying ; Chen Xiao-Hua ; Bu Ning
会议文集: Proceedings of the 2009 International Conference on Machine Learning and Cybernetics
会议名称: International Conference on Machine Learning and Cybernetics
会议日期: JUL 12-15,
出版日期: 2009
会议地点: Baoding, PEOPLES R CHINA
关键词: Network security ; network monitoring ; network scanning ; intrusion detection
出版者: PROCEEDINGS OF 2009 INTERNATIONAL CONFERENCE ON MACHINE LEARNING AND CYBERNETICS, VOLS 1-6
出版地: 345 E 47TH ST, NEW YORK, NY 10017 USA
ISBN: 978-1-4244-4705-3
部门归属: Wu, Di Chinese Acad Sci, Inst Software, State Key Lab Informat Secur, Beijing 100080, Peoples R China.
主办者: Hebei Univ, IEEE Syst, Man & Cybernet Soc, Chongqing Univ, S China Univ Technol, Honk Kong Baptist Univ, Hebei Univ Sci & Technol
英文摘要: Usually there are leading DNS resolution operations in normal network access scenarios and at the same time the relative connection success ratio is very high; but there is no leading DNS resolution operation in network scanning scenarios and the relative connection success ratio is very low. For convenience in this paper we named the network access connection attempt without leading DNS resolution operation as Suspicious Network Access (SNA). A network scanning detection approach is proposed in this paper by the analysis of SNAs response ratio and the randomness of their target IP addresses for each host in LAN. Since the proposed approach only takes the SNAs into account and the interference from normal network access can be decreased effectively, it can detect network scanning attacks with high accuracy and efficiency. The experiment results in simulation network scenario showed that the proposed approach support the detection of TCP-SYN and ICMP type network scanning attacks and also support the detection of stealth network scanning attacks as well.
内容类型: 会议论文
URI标识: http://ir.iscas.ac.cn/handle/311060/8200
Appears in Collections:信息安全国家重点实验室_会议论文

Files in This Item:

There are no files associated with this item.


Recommended Citation:
Wu Di,Yin Ying,Chen Xiao-Hua,et al. an access-context based method to detect network scanning event in lan[C]. 见:International Conference on Machine Learning and Cybernetics. Baoding, PEOPLES R CHINA. JUL 12-15,.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[Wu Di]'s Articles
[Yin Ying]'s Articles
[Chen Xiao-Hua]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[Wu Di]‘s Articles
[Yin Ying]‘s Articles
[Chen Xiao-Hua]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2017  中国科学院软件研究所 - Feedback
Powered by CSpace