• DocumentCode
    459450
  • Title

    Scalable Double Filter Structure for Port Scan Detection

  • Author

    Kong, Shijin ; He, Tao ; Shao, Xiaoxin ; An, Changqing ; Li, Xing

  • Author_Institution
    Department of Electronic Engineering, Tsinghua University, Beijing, P.R.China 100084. Email: ksj00@mails.tsinghua.edu.cn
  • Volume
    5
  • fYear
    2006
  • fDate
    38869
  • Firstpage
    2177
  • Lastpage
    2182
  • Abstract
    Port scan detection is very important to predict network intrusions and prevent viruses from spreading. Many networks deploy Network Intrusion Detection Systems (NIDS) to detect port scans in real time. However, most NIDS are per-flow based. They are not scalable on high-speed links since it is infeasible to maintain the states of numerous flows. In this paper, we propose a scalable scheme for real-time port scan detection without keeping any per-flow state. We use a double-filter structure to find out pairs which connect to more than N pairs in T time. The experimental results on real network traces show that our scheme can find out those over-threshold pairs with high accuracy. It is easy to scale our scheme to high-speed environments due to its little memory consumption and fast processing pipeline.
  • Keywords
    Computer viruses; Electronics packaging; Filters; Internet; Intrusion detection; Maintenance engineering; Monitoring; Pipelines; Real time systems; Viruses (medical);
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Communications, 2006. ICC '06. IEEE International Conference on
  • Conference_Location
    Istanbul
  • ISSN
    8164-9547
  • Print_ISBN
    1-4244-0355-3
  • Electronic_ISBN
    8164-9547
  • Type

    conf

  • DOI
    10.1109/ICC.2006.255093
  • Filename
    4024488