Abstract
Before intruding into a system attackers need to collect information about the target machine. Port scanning is one of the most popular techniques for that purpose, it enables to discover services that may be exploited. In this paper we propose an accurate port scan detection method that can detect port scanning attacks earlier with higher reliability than the widely used Snort-based approaches. Our method is profile-based, meaning that it does not only set a threshold on the connection attempts in a given time interval, like most of the current methods, but builds an IP profile of four features that enables a more fine-grained detection. We use the Budapest node of the FIWARE Lab community cloud as a natural honeypot to identify malicious activities in it.
Author supplied keywords
Cite
CITATION STYLE
Hajdú-Szücs, K., Laki, S., & Kiss, A. (2017). A Profile-Based Fast Port Scan Detection Method. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10448 LNAI, pp. 401–410). Springer Verlag. https://doi.org/10.1007/978-3-319-67074-4_39
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
