• DocumentCode
    2027513
  • Title
    Detection of TCP SYN Scanning Using Packet Counts and Neural Network
  • Author
    Soniya, B. ; Wiscy, M.
  • Author_Institution
    Dept. of Comput. Sci. & Eng., SCT Coll. of Eng., Trivandrum, India
  • fYear
    2008
  • fDate
    Nov. 30 2008-Dec. 3 2008
  • Firstpage
    646
  • Lastpage
    649
  • Abstract
    Port scanning is used by malicious users to map the characteristics of a network to launch further attacks. Hence, detection of port scanning assumes paramount importance. This paper investigates the effectiveness of using counts of various TCP control packets in detecting TCP SYN scanning on a single machine. The behavioural characteristics of TCP control packets are aggregated. A neural network is trained to capture this behaviour for normal as well as port scan data. It is seen from the investigation that the counts of TCP SYN, SYN-ACK and FIN packets show definite patterns in their behaviour for legitimate connections. A deviation from this behaviour is used to effectively detect TCP SYN scanning without maintaining state information.
  • Keywords
    neural nets; security of data; telecommunication security; FIN packets; SYN-ACK packets; TCP SYN scanning; TCP control packets; intrusion detection; neural network; packet counts; port scanning detection; Computer science; Detection algorithms; Educational institutions; IP networks; Intrusion detection; Neural networks; Protocols; Taxonomy; Telecommunication traffic; Testing; neural network; port scan;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Signal Image Technology and Internet Based Systems, 2008. SITIS '08. IEEE International Conference on
  • Conference_Location
    Bali
  • Print_ISBN
    978-0-7695-3493-0
  • Type
    conf
  • DOI
    10.1109/SITIS.2008.33
  • Filename
    4725866