A Rule-based Approach for Port Scanning Detection
Authors
Abstract
Intrusion detection has been performed at the network and host levels to detect various attacks. Port scanning can be classified as one of the network intrusions. This paper presents a method for detecting port scanning attacks using rule-based state diagram techniques. A set of rules with corresponding thresholds was designed for the intrusion decision. Experimental results in a real environment show that port scanning patterns are successfully detected in real time.
Similar resources
Rule-Based Network Intrusion Detection System for Port Scanning with Efficient Port Scan Detection Rules Using Snort
In the field of network security, researchers have implemented different models to secure the network. The Intrusion Detection System is one of them, and Snort is an open source tool for Intrusion Detection and Prevention Systems. Today the Intrusion Detection System is a growing technology in network security and most researchers have focused on this field; some of them used signature or rule-bas...
Updating snort with a customized controller to thwart port scanning
Wired and wireless networks are being attacked and hacked on a continuous basis. One of the critical pieces of information the attacker needs to know is the open ports on the victim’s machine, so the attacker performs what is called port scanning. Port scanning is considered one of the dangerous attacks that intrusion detection tries to detect. Snort, a famous network intrusion detection system (NI...
Anomaly Intrusion Detection by Internet Datamining of Traffic Episodes*
We present a new datamining approach to generating frequent episode rules for building anomaly-based, intrusion detection systems. The episode rules are generated to detect anomalous sequences of TCP, UDP, or ICMP connections, which deviate from normal traffic episodes. Rule pruning techniques are introduced to reduce the search space by 40-70%. The new method demonstrates its effectiveness in ...
A hybridization of evolutionary fuzzy systems and ant Colony optimization for intrusion detection
A hybrid approach for intrusion detection in computer networks is presented in this paper. The proposed approach combines an evolutionary-based fuzzy system with an Ant Colony Optimization procedure to generate high-quality fuzzy-classification rules. We applied our hybrid learning approach to network security and validated it using the DARPA KDD-Cup99 benchmark data set. The results indicate t...
A New Hybrid Approach of K-Nearest Neighbors Algorithm with Particle Swarm Optimization for E-Mail Spam Detection
Emails are one of the fastest economic communications. The increasing number of email users has caused an increase in spam in recent years. As we know, spam not only damages user’s profits, time-consuming and bandwidth, but has also become a risk to efficiency, reliability, and security of a network. Spam developers are always trying to find ways to escape the existing filters therefore new filters to de...
Journal title:
Volume, issue
Pages -
Publication date: 2000