ETRI-Knowledge Sharing Platform

Journal article: A Multi-Resolution Port Scan Detection Technique for High-Speed Networks
Cited 2 times in Scopus; downloaded 17 times
Authors
문화신, 이성원, 최규상, 전용성, 김정녀
Publication date
201509
Source
Journal of Information Science and Engineering, v.31 no.5, pp.1613-1632
ISSN
1016-2364
Publisher
Academia Sinica
DOI
https://dx.doi.org/10.1688/JISE.2015.31.5.7
Funded project
14MS2200, Development of MTM-Based Terminal and Next-Generation Wireless LAN Security Technology, 조현숙
Abstract
In this paper, we present a novel failed flow dispersion estimation technique, called multi-window state map (MWSM), which requires a small amount of memory and a constant number of memory accesses for implementing the multi-resolution concept (e.g., MRDS). We then extended the proposed MWSM scheme into a complete port scan detector. The simulation results with real-world traffic traces indicate that the proposed estimation technique manages the expected relative error and average standard error of less than 0.8% and 9%, respectively, while limiting the memory consumption to less than 60% of MRDS. In addition, the number of false positives decreases by 61% compared to a scan detector based on MRDS when it is extended to a complete scan detector. Owing to its simple mechanism and architecture, the proposed technique is well suited to hardware implementation. Therefore, we believe that the proposed technique is practically viable in modern high-speed intrusion detection systems.
Keywords
Flow estimation, IDS, Multi-resolution, MWSM, Port scan
KSP suggested keywords
Complete scan, Estimation Technique, False positive, Flow dispersion, Flow estimation, Hardware Implementation, High speed network, Intrusion Detection Systems(IDSs), Intrusion detection system(IDS), Multi-resolution, Number of memory accesses