Title :
Detection of TCP SYN Scanning Using Packet Counts and Neural Network
Author :
Soniya, B. ; Wiscy, M.
Author_Institution :
Dept. of Comput. Sci. & Eng., SCT Coll. of Eng., Trivandrum, India
Date :
Nov. 30 2008-Dec. 3 2008
Abstract :
Port scanning is used by malicious users to map the characteristics of a network to launch further attacks. Hence, detection of port scanning assumes paramount importance. This paper investigates the effectiveness of using counts of various TCP control packets in detecting TCP SYN scanning on a single machine. The behavioural characteristics of TCP control packets are aggregated. A neural network is trained to capture this behaviour for normal as well as port scan data. It is seen from the investigation that the counts of TCP SYN, SYN-ACK and FIN packets show definite patterns in their behaviour for legitimate connections. A deviation from this behaviour is used to effectively detect TCP SYN scanning without maintaining state information.
Keywords :
neural nets; security of data; telecommunication security; FIN packets; SYN-ACK packets; TCP SYN scanning; TCP control packets; intrusion detection; neural network; packet counts; port scanning detection; Computer science; Detection algorithms; Educational institutions; IP networks; Intrusion detection; Neural networks; Protocols; Taxonomy; Telecommunication traffic; Testing; port scan
Conference_Title :
Signal Image Technology and Internet Based Systems, 2008. SITIS '08. IEEE International Conference on
Conference_Location :
Bali
Print_ISBN :
978-0-7695-3493-0
DOI :
10.1109/SITIS.2008.33