Skip to Main content Skip to Navigation
New interface
Conference papers

Improving the detection of On-line Vertical Port Scan in IP Traffic

Abstract : We propose in this paper an on-line algorithm based on Bloom filters to detect port scan attacks in IP traffic. Only relevant information about destination IP addresses and destination ports are stored in two steps in a two-dimensional Bloom filter. This algorithm can be indefinitely performed on a real traffic stream thanks to a new adaptive refreshing scheme that closely follows traffic variations. It is a scalable algorithm able to deal with IP traffic at a very high bit rate thanks to the use of hashing functions over a sliding window. Moreover it does not need any a priori knowledge about traffic characteristics. When tested against real IP traffic, the proposed on-line algorithm performs well in the sense that it detects all the port scan attacks within a very short response time of only 10 seconds without any false positive.
Document type :
Conference papers
Complete list of metadata

Cited literature [23 references]  Display  Hide  Download
Contributor : Philippe Robert Connect in order to contact the contributor
Submitted on : Friday, November 29, 2013 - 8:45:50 AM
Last modification on : Friday, January 21, 2022 - 3:15:08 AM
Long-term archiving on: : Monday, March 3, 2014 - 1:52:12 PM


Files produced by the author(s)




Yousra Chabchoub, Christine Fricker, Philippe Robert. Improving the detection of On-line Vertical Port Scan in IP Traffic. CRiSIS 2012 - 7th International Conference on Risks and Security of Internet and Systems, Oct 2012, Cork, Ireland. pp.1-6, ⟨10.1109/CRISIS.2012.6378945⟩. ⟨hal-00773108⟩



Record views


Files downloads