| Title: | an access-context based method to detect network scanning event in lan |
| Author: | Wu Di
; Yin Ying
; Chen Xiao-Hua
; Bu Ning
|
| Source: | Proceedings of the 2009 International Conference on Machine Learning and Cybernetics
|
| Conference Name: | International Conference on Machine Learning and Cybernetics
|
| Conference Date: | JUL 12-15,
|
| Issued Date: | 2009
|
| Conference Place: | Baoding, PEOPLES R CHINA
|
| Keyword: | Network security
; network monitoring
; network scanning
; intrusion detection
|
| Publisher: | PROCEEDINGS OF 2009 INTERNATIONAL CONFERENCE ON MACHINE LEARNING AND CYBERNETICS, VOLS 1-6
|
| Publish Place: | 345 E 47TH ST, NEW YORK, NY 10017 USA
|
| ISBN: | 978-1-4244-4705-3
|
| Department: | Wu, Di Chinese Acad Sci, Inst Software, State Key Lab Informat Secur, Beijing 100080, Peoples R China.
|
| Sponsorship: | Hebei Univ, IEEE Syst, Man & Cybernet Soc, Chongqing Univ, S China Univ Technol, Honk Kong Baptist Univ, Hebei Univ Sci & Technol
|
| English Abstract: | Usually there are leading DNS resolution operations in normal network access scenarios and at the same time the relative connection success ratio is very high; but there is no leading DNS resolution operation in network scanning scenarios and the relative connection success ratio is very low. For convenience in this paper we named the network access connection attempt without leading DNS resolution operation as Suspicious Network Access (SNA). A network scanning detection approach is proposed in this paper by the analysis of SNAs response ratio and the randomness of their target IP addresses for each host in LAN. Since the proposed approach only takes the SNAs into account and the interference from normal network access can be decreased effectively, it can detect network scanning attacks with high accuracy and efficiency. The experiment results in simulation network scenario showed that the proposed approach support the detection of TCP-SYN and ICMP type network scanning attacks and also support the detection of stealth network scanning attacks as well. |
| Content Type: | 会议论文
|
| URI: | http://ir.iscas.ac.cn/handle/311060/8200
|
| Appears in Collections: | 信息安全国家重点实验室_会议论文
|
|
There are no files associated with this item.
|
| Recommended Citation: | |
Wu Di,Yin Ying,Chen Xiao-Hua,et al. an access-context based method to detect network scanning event in lan[C]. 见:International Conference on Machine Learning and Cybernetics. Baoding, PEOPLES R CHINA. JUL 12-15,.
|
|
|
