To Support Customers in Easily and Affordably Obtaining Titles in Electronic Format IGI Global is Now Offering a 50% Discount on ALL E-Books and E-Journals Ordered Directly Through IGI Global’s Online Bookstore
Additionally, Enjoy a 20% Discount on all Other Products and FormatsBrowse Titles

Special Offers
- As Part of Our Efforts to Assist Customers with More Easily and Affordably
  Obtaining Titles in Electronic Format, IGI Global is Now Offering a 50% Discount on
  All E-Books and E-Journals Ordered Through IGI Global’s Online Bookstore*
  To support customers with accessing online resources, IGI Global is offering a 50% discount on all e-book and e-journals. This opportunity is ideal for librarian customers convert previously acquired print holdings to electronic format at a 50% discount.
  *The 50% discount is offered for all e-books and e-journals purchased on IGI Global’s Online Bookstore. E-books and e-journals are hosted on IGI Global’s InfoSci® platform and available for PDF and/or ePUB download on a perpetual or subscription basis. This discount cannot be combined with any other discount or promotional offer. Offer expires June 30, 2020.
  Browse Titles
  Convert Your IGI Global Print Holdings to Electronic Format through IGI Global’s
  InfoSci® Platform or ProQuest’s Ebook Central, or EBSCOhost
  To assist you during the COVID-19 pandemic, IGI Global will convert libraries previously acquired print holdings to electronic formats directly through our InfoSci® platform, ProQuest’s E-Book Central, or EBSCOhost at a 50% discount. Send us a list of IGI Global publications you would like to convert, and we’ll promptly facilitate the set-up and access.
  Learn More
- View Over 900+ IGI Global Titles Related to COVID-19 Pandemic
  IGI Global offers a rich volume of content related to treatment, mitigation, and emergency and disaster preparedness surrounding epidemics and pandemics such as COVID-19. All of these titles are available in electronic format at a 50% discount making them ideal resources for online learning environments.
  View Titles
- Create a Free IGI Global Library Account to Receive an Additional 5% Discount on All Purchases
  Exclusive benefits include one-click shopping, flexible payment options, free COUNTER 5 reports and MARC records, and a 5% discount on single all titles, as well as the award-winning InfoSci^®-Databases.
  Sign Up Now!
Books
Journals
InfoSci^®-Databases
Articles/Chapters
Publish with Us
Resources
- - Instructors
  - Course Adoption
  - Teaching Cases
  - K-12 Online Learning Collection
  - Authors and Editors
  - eEditorial Discovery^® System
  - Peer Review Process
  - Ethics and Malpractice
  - COPE Membership
  - Fair Use Policy
  - Open Access Publishing
  - Editorial Services
  - FAQ
Catalogs
About Us
Newsroom

Improving the Detection of On-Line Vertical Port Scan in IP Traffic

Christine Fricker (INRIA, Le Chesnay, France), Philippe Robert (INRIA, Le Chesnay, France) and Yousra Chabchoub (ISEP, Paris, France)

Source Title: International Journal of Secure Software Engineering (IJSSE) 5(1)

DOI: 10.4018/ijsse.2014010104

OnDemand PDF Download:

$37.50

Abstract

The authors propose in this paper an on-line algorithm based on Bloom filters to detect port scan attacks in IP traffic. Only relevant information about destination IP addresses and destination ports are stored in two steps in a two-dimensional Bloom filter. This algorithm can be indefinitely performed on a real traffic stream thanks to a new adaptive refreshing scheme that closely follows traffic variations. It is a scalable algorithm able to deal with IP traffic at a very high bit rate thanks to the use of hashing functions over a sliding window. Moreover it does not need any a priori knowledge about traffic characteristics. When tested against real IP traffic, the proposed on-line algorithm performs well in the sense that it detects all the port scan attacks within a very short response time of only 10 seconds without any false positive.

Article Preview

Top

Introduction

Problem Statement

We address in this paper the problem of designing an on-line algorithm for identifying port scan attacks in IP traffic. A port scan is a method of determining whether particular services are available on a host or a network by observing responses to connection attempts (Devivo, 1999). The received information is exploited to identify weaknesses and vulnerabilities of the host and to launch therefore more serious attacks. Several attack tools are now available and can easily be used (see (Nmap; Foundstone) and (Nessus)). Port scan can be launched from one or several sources. In this latter case, we are dealing with distributed attacks, which are more difficult to detect as the contribution of each source can be considered as legitimate traffic. According to Staniford (2002) port scan attacks can be classified into two categories:

1.
Vertical scan consisting of scanning a big number of destination ports of a single destination address.
2.
Horizontal scan when many IP addresses are scanned (generally within the same subnet), on one or several ports.

Complete Article List

Search this Journal:

Reset

Open Access Articles: Forthcoming

Volume 8: 4 Issues (2017)

Volume 7: 4 Issues (2016)

Volume 6: 4 Issues (2015)

Volume 5: 4 Issues (2014)

Volume 4: 4 Issues (2013)

Volume 3: 4 Issues (2012)

Volume 2: 4 Issues (2011)

Volume 1: 4 Issues (2010)

View Complete Journal Contents Listing

MLA

APA

Chicago

Export Reference

Improving the Detection of On-Line Vertical Port Scan in IP Traffic

Abstract

Introduction

Problem Statement

Complete Article List