Improving the detection of On-line Vertical Port Scan in IP Traffic

Abstract : We propose in this paper an on-line algorithm based on Bloom filters to detect port scan attacks in IP traffic. Only relevant information about destination IP addresses and destination ports is stored, in two steps, in a two-dimensional Bloom filter. This algorithm can run indefinitely on a real traffic stream thanks to a new adaptive refreshing scheme that closely follows traffic variations. It is a scalable algorithm able to deal with IP traffic at a very high bit rate thanks to the use of hashing functions over a sliding window. Moreover, it does not need any a priori knowledge about traffic characteristics. When tested against real IP traffic, the proposed on-line algorithm performs well in the sense that it detects all the port scan attacks within a very short response time of only 10 seconds without any false positive.
Document type : Conference papers

Cited literature [23 references]

https://hal.inria.fr/hal-00773108
Contributor : Philippe Robert
Submitted on : Friday, November 29, 2013 - 8:45:50 AM
Last modification on : Thursday, February 7, 2019 - 5:55:54 PM
Long-term archiving on : Monday, March 3, 2014 - 1:52:12 PM

File

IJSSE.pdf
Files produced by the author(s)

Citation

Yousra Chabchoub, Christine Fricker, Philippe Robert. Improving the detection of On-line Vertical Port Scan in IP Traffic. CRiSIS 2012 - 7th International Conference on Risks and Security of Internet and Systems, Oct 2012, Cork, Ireland. pp.1-6, ⟨10.1109/CRISIS.2012.6378945⟩. ⟨hal-00773108⟩
