BROWSE
Detail
Conference Paper
A Modified Multi-Resolution Approach for Port Scan Detection
Cited 3 time in 
Share 
Share
- Authors
- Hwa Shin Moon, Sung Won Yi, Kee Seong Cho
- Issue Date
- 2010-12
- Citation
- Global Telecommunications Conference (GLOBECOM) 2010, pp.1-5
- Language
- English
- Type
- Conference Paper
- Abstract
- Although port scan detection techniques have been widely adopted by the modern network based security systems, the effectiveness of these techniques can significantly be limited since the detection performance heavily relies on the statically determined detection threshold. To tackle the problem, a multi-resolution approach called MRDS, maintaining multiple monitoring windows with the corresponding detection thresholds, has been proposed. However, deploying such technique in a high speed network is not easy due to the time and space complexity required for calculating the number of unique destination addresses contacted in the multiple monitoring windows. In this paper, we present a novel failed flow dispersion estimation technique, called Multi-Window State Map (MWSM), which requires a small amount of memory and a constant number of memory access for implementing the multi-resolution concept. We then extend the proposed MWSMinto a complete port scan detector. Simulation results with real world traffic traces indicate that the proposed estimation technique manages the expected relative error and average standard error of less than 0.8% and 9% respectively and thus the MWSM based detection scheme reduces false positives by 60% compared to MRDS. ©2010 IEEE.
- KSP Keywords
- Detection scheme, Detection threshold, Estimation technique, False Positive(FP), Flow dispersion, High-speed networks, Memory Access, Multi-resolution approach, Real-world, Relative error, Time and Space Complexity