基于通信行为的慢扫描攻击检测

Proceedings of the 2020 10th International Conference on Communication and Network Security Pub Date : 2020-11-27 DOI:10.1145/3442520.3442525

Tomoya Yamashita, Daisuke Miyamoto, Y. Sekiya, Hiroshi Nakamura

{"title":"基于通信行为的慢扫描攻击检测","authors":"Tomoya Yamashita, Daisuke Miyamoto, Y. Sekiya, Hiroshi Nakamura","doi":"10.1145/3442520.3442525","DOIUrl":null,"url":null,"abstract":"We present a novel method for detecting slow scan attacks. Attackers collect information about vulnerabilities in hosts by scan attacks and then penetrate the systems based on the collected information. Detection of scan attacks is therefore useful to avoid the following attacks. The intrusion detection system (IDS) has been proposed for detecting scan attacks. However, it cannot detect slow scan attacks that are executed slowly over a long period. In this paper, we introduce novel features that are useful to distinguish the difference in the communication behavior between the scanning hosts and the benign hosts. Then, we propose the detection method using the features. Furthermore, through the experiments, we confirm the effectiveness of our method for detecting a slow scan attack.","PeriodicalId":340416,"journal":{"name":"Proceedings of the 2020 10th International Conference on Communication and Network Security","volume":"101 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Slow Scan Attack Detection Based on Communication Behavior\",\"authors\":\"Tomoya Yamashita, Daisuke Miyamoto, Y. Sekiya, Hiroshi Nakamura\",\"doi\":\"10.1145/3442520.3442525\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We present a novel method for detecting slow scan attacks. Attackers collect information about vulnerabilities in hosts by scan attacks and then penetrate the systems based on the collected information. Detection of scan attacks is therefore useful to avoid the following attacks. The intrusion detection system (IDS) has been proposed for detecting scan attacks. However, it cannot detect slow scan attacks that are executed slowly over a long period. In this paper, we introduce novel features that are useful to distinguish the difference in the communication behavior between the scanning hosts and the benign hosts. Then, we propose the detection method using the features. Furthermore, through the experiments, we confirm the effectiveness of our method for detecting a slow scan attack.\",\"PeriodicalId\":340416,\"journal\":{\"name\":\"Proceedings of the 2020 10th International Conference on Communication and Network Security\",\"volume\":\"101 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-11-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2020 10th International Conference on Communication and Network Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3442520.3442525\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2020 10th International Conference on Communication and Network Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3442520.3442525","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

提出了一种检测慢扫描攻击的新方法。攻击者通过扫描攻击的方式收集主机的漏洞信息，然后利用这些信息对系统进行渗透。因此，检测扫描攻击有助于避免以下攻击。提出了一种检测扫描攻击的入侵检测系统(IDS)。但不能检测长时间缓慢执行的慢扫描攻击。在本文中，我们引入了一些新的特征，这些特征有助于区分扫描主机和良性主机之间通信行为的差异。然后，我们提出了基于特征的检测方法。此外，通过实验验证了该方法检测慢扫描攻击的有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Slow Scan Attack Detection Based on Communication Behavior

We present a novel method for detecting slow scan attacks. Attackers collect information about vulnerabilities in hosts by scan attacks and then penetrate the systems based on the collected information. Detection of scan attacks is therefore useful to avoid the following attacks. The intrusion detection system (IDS) has been proposed for detecting scan attacks. However, it cannot detect slow scan attacks that are executed slowly over a long period. In this paper, we introduce novel features that are useful to distinguish the difference in the communication behavior between the scanning hosts and the benign hosts. Then, we propose the detection method using the features. Furthermore, through the experiments, we confirm the effectiveness of our method for detecting a slow scan attack.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 2020 10th International Conference on Communication and Network Security

自引率

0.00%

发文量