Improving the detection of On-line Vertical Port Scan in IP Traffic

Abstract: We propose in this paper an on-line algorithm based on Bloom filters to detect port scan attacks in IP traffic. Only relevant information about destination IP addresses and destination ports is stored, in two steps, in a two-dimensional Bloom filter. This algorithm can run indefinitely on a real traffic stream thanks to a new adaptive refreshing scheme that closely follows traffic variations. It is a scalable algorithm able to deal with IP traffic at a very high bit rate thanks to the use of hashing functions over a sliding window. Moreover, it does not need any a priori knowledge about traffic characteristics. When tested against real IP traffic, the proposed on-line algorithm performs well in the sense that it detects all the port scan attacks within a very short response time of only 10 seconds without any false positive.
Document type:
Conference paper
Fabio Martinelli and Jean-Louis Lanet and William Fitzgerald and Simon Foley. CRiSIS 2012 - 7th International Conference on Risks and Security of Internet and Systems, Oct 2012, Cork, Ireland. IEEE, pp.1-6, 2012, 〈10.1109/CRISIS.2012.6378945〉
Cited literature: 23 references

https://hal.inria.fr/hal-00773108
Contributor: Philippe Robert
Submitted on: Friday, 29 November 2013 - 08:45:50
Last modified on: Wednesday, 10 January 2018 - 16:40:56
Document(s) archived on: Monday, 3 March 2014 - 13:52:12

File

IJSSE.pdf
Files produced by the author(s)

Citation

Yousra Chabchoub, Christine Fricker, Philippe Robert. Improving the detection of On-line Vertical Port Scan in IP Traffic. Fabio Martinelli and Jean-Louis Lanet and William Fitzgerald and Simon Foley. CRiSIS 2012 - 7th International Conference on Risks and Security of Internet and Systems, Oct 2012, Cork, Ireland. IEEE, pp.1-6, 2012, 〈10.1109/CRISIS.2012.6378945〉. 〈hal-00773108〉

Metrics

Record views

413

File downloads

382