Adaptive Detection of Local Scanners
Authors
Abstract
Network attacks often employ scanning to locate vulnerable hosts and services. Fast and accurate detection of local scanners is key to containing an epidemic in its early stage. Existing scan detection schemes use statically determined detection criteria, and as a result do not respond well to traffic perturbations. We present two adaptive scan detection schemes, Success Based (SB) and Failure Based (FB), which change detection criteria based on traffic statistics. We evaluate the proposed schemes analytically and empirically using network traces. Against fast scanners, the adaptive schemes render detection precision similar to the traditional static schemes. For slow scanners, the adaptive schemes are much more effective, both in terms of detection precision and speed. SB and FB have non-linear properties not present in other schemes. These properties permit a lower Sustained Scanning Threshold and a robustness against perturbations in the background traffic.
Similar resources
Fast Detection of Local Scanners Using Adaptive Methods
Network attacks often employ scanning to locate vulnerable hosts and services. Unimpeded scanning can lead to the subversion of an entire vulnerable population in a matter of minutes. Fast and accurate detection of local scanners is key to contain a spreading epidemic in its early stage. Existing scan detection schemes can detect fast scanners whose behavior can be clearly delineated from that ...
Full text
Adaptive Decision Fusion in Detection Networks
In a detection network, the final decision is made by fusing the decisions from local detectors. The objective of that decision is to minimize the final error probability. To implement an optimal fusion rule, the performance of each detector, i.e. its probability of false alarm and its probability of missed detection as well as the a priori probabilities of the hypotheses, must be known. H...
Full text
Face Detection at the Low Light Environments
Today, with the advancement of technology, the use of tools for extracting information from video are much wider in terms of both visual power and the processing power. High-speed car, perfect detection accuracy, business diversity in the fields of medical, home appliances, smart cars, humanoid robots, military systems and the commercialization makes these systems cost effective. Among the most...
Full text
Identification and Robust Fault Detection of Industrial Gas Turbine Prototype Using LLNF Model
In this study, detection and identification of common faults in industrial gas turbines is investigated. We propose a model-based robust fault detection (FD) method based on multiple models. For residual generation a bank of Local Linear Neuro-Fuzzy (LLNF) models is used. Moreover, in fault detection step, a passive approach based on adaptive threshold is employed. To achieve this purpose, the a...
Full text