MF Researcher Directory

Faculty Activity Database

A Behavior-based Method for Detecting Distributed Scan Attacks in Darknets

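Publication type:
Original paper
Major achievement:
Major achievement
Sole or joint authorship:
Co-authored
Publication date:
July 2013
DOI:
10.2197/ipsjjip.21.527
Conference attribute:
Not specified
Peer review:
Yes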

English fields

Author:
Yaokai Feng, Yoshiaki Hori, Kouichi Sakurai, Jun'ichi Takeuchi
Title:
A Behavior-based Method for Detecting Distributed Scan Attacks in Darknets
Publication information:
Journal of Information Processing Vol: 21 Issue: 3 Pages: 527-538
Keywords:
distributed scan, anomaly detection, cyber-attack, collaborative attack, behavior-based methods, darknets
Abstract:
The technologies used by attackers in the Internet environment are becoming more and more sophisticated. Of the many kinds of attacks, distributed scan attacks have become one of the most serious problems. In this study, we propose a novel method based on normal behavior modes of traffic to detect distributed scan attacks in darknet environments. In our proposed method, all the possible destination TCP and UDP ports are monitored, and when a port is attacked by a distributed scan, an alert is given. Moreover, the alert can have several levels reflecting the relative scale of the attack. To accelerate learning and updating the normal behavior modes and to realize rapid detection, an index is introduced, which is proved to be very efficient. The efficiency of our proposal is verified using real darknet traffic data. Although our proposal focuses on darknets, the idea can also be applied to ordinary networks.

