Statistical cross-relation approach for detecting TCP and UDP random and sequential network scanning (SCANS)
作者: Mohammed AnbarAhmed ManasrahSelvakumar Manickam
作者单位: 1National Advanced IPv6 Centre of Excellence , Universiti Sains Malaysia , Penang , Malaysia
2Faculty of Information Technology and Computer Sciences , Yarmouk University , Irbid , Jordan
刊名: International Journal of Computer Mathematics, 2012, Vol.89 (15), pp.1952-1969
来源数据库: Taylor & Francis Journal
DOI: 10.1080/00207160.2012.696621
关键词: network scanningintrusion detection systemTCP scanningUDP scanning
原始语种摘要: Network scanning is considered to be the first step taken by attackers trying to gain access to a targeted network. System and network administrators find it useful if they are able to identify the targets scanned by network attackers. Resources and services can be further protected by patching or installing security measures, such as a firewall, an intrusion detection system, or some alternative computer system. This paper presents a statistical ‘cross-relation’ approach for detecting network scanning and identifying its targets. Our approach is based on using TCP RST packets for detecting TCP sequential scanning and ICMP type 3 (port unreachable) packets for detecting UDP sequential scanning. TCP or UDP random scanning is confirmed when there is a ‘cross-relation’ between an ICMP type...
全文获取路径: Taylor & Francis  (合作)
影响因子:0.542 (2012)

  • sequential 连续的
  • SCANS Stanford(University)Computer for Analysis of Nuclear Structure
  • UDP User Datagram Protocol
  • detecting 检测
  • scanning 扫描
  • random 随机的
  • network 网络
  • cross 十字
  • relation 关系
  • approach