{"title":"端口扫描报文的正交扩展","authors":"H. Kikuchi, Tomohiro Kobori, M. Terada","doi":"10.1109/NBiS.2009.82","DOIUrl":null,"url":null,"abstract":"Observation of port-scan packets performed over the Internet is involved with so many parameters including time, port numbers, source and destination addresses. There are some common port numbers to which many malicious codes likely use to scan, but a relationship between port numbers and the malicious codes are not clearly identified. In this paper, we propose a new attempt to figure characteristics of port-scans observed from distributed many sensors. Our method allows 1) analysis of sensors with few significant factors extracted from an orthogonal expansion of port-scan packets, rather than taking care of all possible statistics of port numbers, 2) compression of packets data, computed by linear combination of limited number of orthogonal factors, and 3) approximation of number of scanning packets at arbitrarily specified sensor and ports, made from statistical correlation between port numbers. We also evaluate the accuracy of our proposed approximation algorithm based on actually observed packets.","PeriodicalId":312802,"journal":{"name":"2009 International Conference on Network-Based Information Systems","volume":"80 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-08-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Orthogonal Expansion of Port-scanning Packets\",\"authors\":\"H. Kikuchi, Tomohiro Kobori, M. Terada\",\"doi\":\"10.1109/NBiS.2009.82\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Observation of port-scan packets performed over the Internet is involved with so many parameters including time, port numbers, source and destination addresses. There are some common port numbers to which many malicious codes likely use to scan, but a relationship between port numbers and the malicious codes are not clearly identified. In this paper, we propose a new attempt to figure characteristics of port-scans observed from distributed many sensors. Our method allows 1) analysis of sensors with few significant factors extracted from an orthogonal expansion of port-scan packets, rather than taking care of all possible statistics of port numbers, 2) compression of packets data, computed by linear combination of limited number of orthogonal factors, and 3) approximation of number of scanning packets at arbitrarily specified sensor and ports, made from statistical correlation between port numbers. We also evaluate the accuracy of our proposed approximation algorithm based on actually observed packets.\",\"PeriodicalId\":312802,\"journal\":{\"name\":\"2009 International Conference on Network-Based Information Systems\",\"volume\":\"80 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-08-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 International Conference on Network-Based Information Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/NBiS.2009.82\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 International Conference on Network-Based Information Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NBiS.2009.82","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Observation of port-scan packets performed over the Internet is involved with so many parameters including time, port numbers, source and destination addresses. There are some common port numbers to which many malicious codes likely use to scan, but a relationship between port numbers and the malicious codes are not clearly identified. In this paper, we propose a new attempt to figure characteristics of port-scans observed from distributed many sensors. Our method allows 1) analysis of sensors with few significant factors extracted from an orthogonal expansion of port-scan packets, rather than taking care of all possible statistics of port numbers, 2) compression of packets data, computed by linear combination of limited number of orthogonal factors, and 3) approximation of number of scanning packets at arbitrarily specified sensor and ports, made from statistical correlation between port numbers. We also evaluate the accuracy of our proposed approximation algorithm based on actually observed packets.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
