Title :
Reconnaissance Scan Detection Heuristics to disrupt the pre-attack information gathering
Author :
Udhayan, J. ; Prabu, M.M. ; Krishnan, V.A. ; Anitha, R.
Author_Institution :
Dept of Math. & Comput. Applic., PSG Coll. of Technol., Coimbatore, India
Abstract :
Inception stage of devastating attacks like DDoS attacks and botnet hosted attacks includes compromising numerous computers or networks over the Internet. The Port scanning tools are often used by the attackers not only to identify the vulnerable servers but also to identify the vulnerable network or vulnerable computers over the Internet. If the attackers can identify a single vulnerability then, with the use of malicious codes they can compromise that system and makes it a zombie. By compromising a group of computers the attackers can constitute the malicious botnet or zombie army. These are then used to perform a range of devastating attacks. One possible solution to curb the zombie army or malicious botnet is by detecting and blocking or dropping the reconnaissance scan, otherwise port scan. Numerous port scanning techniques are available today. To detect them all, one single algorithm is not sufficient so we derived a set of heuristics to detect the port scan traffic, even the crafty ones.
Keywords :
Internet; security of data; DDoS attacks; Internet; Port scanning tools; botnet hosted attacks; malicious botnet; port scan traffic; preattack information gathering; reconnaissance scan detection heuristics; zombie army; Computer applications; Computer crime; Computer hacking; Computer networks; Educational institutions; IP networks; Internet; Military computing; Probes; Reconnaissance;
Conference_Titel :
Network and Service Security, 2009. N2S '09. International Conference on
Conference_Location :
Paris
Print_ISBN :
978-2-9532-4431-1
