상세정보
학술지
A Multi-Resolution Port Scan Detection Technique for High-Speed Networks
- 발행일
- 201509
- 출처
- Journal of Information Science and Engineering, v.31 no.5, pp.1613-1632
- ISSN
- 1016-2364
- 출판사
- Academia Sinica
- 협약과제
- 14MS2200, MTM기반 단말 및 차세대 무선랜 보안 기술 개발, 조현숙
- 초록
- In this paper, we present a novel failed flow dispersion estimation technique, called multi-window state map (MWSM), which requires a small amount of memory and a constant number of memory accesses for implementing the multi-resolution concept (e.g., MRDS). We then extended the proposed MWSM scheme into a complete port scan detector. The simulation results with real-world traffic traces indicate that the proposed estimation technique manages the expected relative error and average standard error of less than 0.8% and 9%, respectively, while limiting the memory consumption to less than 60% of MRDS. In addition, the number of false positives decreases by 61% compared to a scan detector based on MRDS when it is extended to a complete scan detector. Owing to its simple mechanism and architecture, the proposed technique is well suited to hardware implementation. Therefore, we believe that the proposed technique is practically viable in modern high-speed intrusion detection systems.
- KSP 제안 키워드
- Complete scan, Estimation Technique, False positive, Flow dispersion, Hardware Implementation, High speed network, Intrusion Detection Systems(IDSs), Intrusion detection system(IDS), Multi-resolution, Number of memory accesses, Real-world