A probabilistic approach to detecting network scans

C Leckie, R Kotagiri - … 2002. IEEE/IFIP Network Operations and …, 2002 - ieeexplore.ieee.org
NOMS 2002. IEEE/IFIP Network Operations and Management Symposium …, 2002 - ieeexplore.ieee.org
This paper presents a probabilistic approach for detecting network scans in real-time. Unlike
previous approaches, our model takes into consideration both the number of destinations or
ports accessed by a source, as well as how unusual these accesses are. We demonstrate
the effectiveness of our approach in terms of accuracy and throughput, based on an analysis
of the unusual sources that were found in real-life packet trace files.