ETRI-Knowledge Sharing Platform


A Multi-Resolution Port Scan Detection Technique for High-Speed Networks
Cited 2 times in Scopus. Downloaded 28 times.
Authors
Hwashin Moon, Sungwon Yi, Gyu Sang Choi, Yongsung Jeon, Joengnyeo Kim
Issue Date
2015-09
Citation
Journal of Information Science and Engineering, v.31, no.5, pp.1613-1632
ISSN
1016-2364
Publisher
Academia Sinica
Language
English
Type
Journal Article
DOI
https://dx.doi.org/10.1688/JISE.2015.31.5.7
Project Code
14MS2200, Development of the security technology for MTM-based mobile devices and next generation wireless LAN, Cho Hyun Sook
Abstract
In this paper, we present a novel failed flow dispersion estimation technique, called multi-window state map (MWSM), which requires a small amount of memory and a constant number of memory accesses for implementing the multi-resolution concept (e.g., MRDS). We then extended the proposed MWSM scheme into a complete port scan detector. The simulation results with real-world traffic traces indicate that the proposed estimation technique manages the expected relative error and average standard error of less than 0.8% and 9%, respectively, while limiting the memory consumption to less than 60% of MRDS. In addition, the number of false positives decreases by 61% compared to a scan detector based on MRDS when it is extended to a complete scan detector. Owing to its simple mechanism and architecture, the proposed technique is well suited to hardware implementation. Therefore, we believe that the proposed technique is practically viable in modern high-speed intrusion detection systems.
KSP Keywords
Complete scan, Estimation Technique, False positive, Flow dispersion, Hardware Implementation, High speed network, Intrusion Detection Systems(IDSs), Intrusion detection system(IDS), Multi-resolution, Number of memory accesses, Real-world