BROWSE
Detail
Journal Article
A Multi-Resolution Port Scan Detection Technique for High-Speed Networks
Cited 2 time in 
Download 28 time
Share 
Download 28 time
Share
- Authors
- Hwashin Moon, Sungwon Yi, Gyu Sang Choi, Yongsung Jeon, Joengnyeo Kim
- Issue Date
- 2015-09
- Citation
- Journal of Information Science and Engineering, v.31, no.5, pp.1613-1632
- ISSN
- 1016-2364
- Publisher
- Academia Sinica
- Language
- English
- Type
- Journal Article
- Project Code
- 14MS2200, Development of the security technology for MTM-based mobile devices and next generation wireless LAN, Cho Hyun Sook
- Abstract
- In this paper, we present a novel failed flow dispersion estimation technique, called multi-window state map (MWSM), which requires a small amount of memory and a constant number of memory accesses for implementing the multi-resolution concept (e.g., MRDS). We then extended the proposed MWSM scheme into a complete port scan detector. The simulation results with real-world traffic traces indicate that the proposed estimation technique manages the expected relative error and average standard error of less than 0.8% and 9%, respectively, while limiting the memory consumption to less than 60% of MRDS. In addition, the number of false positives decreases by 61% compared to a scan detector based on MRDS when it is extended to a complete scan detector. Owing to its simple mechanism and architecture, the proposed technique is well suited to hardware implementation. Therefore, we believe that the proposed technique is practically viable in modern high-speed intrusion detection systems.
- KSP Keywords
- Complete scan, Estimation Technique, False positive, Flow dispersion, Hardware Implementation, High speed network, Intrusion Detection Systems(IDSs), Intrusion detection system(IDS), Multi-resolution, Number of memory accesses, Real-world