Detecting network portscans through anomoly detection

Hyukjoon Kim; Surrey Kim; Michael Alexander Kouritzin; Wei Sun

doi:10.1117/12.546127

9 August 2004 Detecting network portscans through anomoly detection

Hyukjoon Kim, Surrey Kim, Michael Alexander Kouritzin, Wei Sun

Proceedings Volume 5429, Signal Processing, Sensor Fusion, and Target Recognition XIII; (2004) https://doi.org/10.1117/12.546127
Event: Defense and Security, 2004, Orlando, Florida, United States

Abstract

In this note, we consider the problem of detecting network portscans through the use of anomaly detection. First, we introduce some static tests for analyzing traffic rates. Then, we make use of two dynamic chi-square tests to detect anomalous packets. Further, we model network traffic as a marked point process and introduce a general portscan model. Simulation results for correct detects and false alarms are presented using this portscan model and the statistical tests.

Citation Download Citation

Hyukjoon Kim, Surrey Kim, Michael Alexander Kouritzin, and Wei Sun "Detecting network portscans through anomoly detection", Proc. SPIE 5429, Signal Processing, Sensor Fusion, and Target Recognition XIII, (9 August 2004); https://doi.org/10.1117/12.546127

ACCESS THE FULL ARTICLE

INSTITUTIONAL
Select your institution to access the SPIE Digital Library.

SELECT YOUR INSTITUTION

PERSONAL
Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.

PERSONAL SIGN IN

No SPIE Account? Create one

PURCHASE THIS CONTENT

SUBSCRIBE TO DIGITAL LIBRARY

50 downloads per 1-year subscription

Members: $195

Non-members: $335 ADD TO CART

25 downloads per 1 - year subscription

Members: $145

Non-members: $250 ADD TO CART

PURCHASE SINGLE ARTICLE

Includes PDF, HTML & Video, when available