Authors: I. Shimada, Yu Tsuda, Masashi Eto, D. Inoue
Venue: 2015 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS)
Published: 2015-11-01
DOI: 10.1109/BADGERS.2015.015 (https://doi.org/10.1109/BADGERS.2015.015)
Citation count (Semantic Scholar): 2
Using Bayesian Decision Making to Detect Slow Scans
In a targeted cyberattack, attackers search for vulnerable hosts in the internal network of the targeted organization. They then try to increase the number of hosts that can be used as stepping stones for further attacks. Attackers want to carry out these activities hidden from network-based security appliances such as firewalls and network intrusion detection systems (NIDSs). One method of hiding such reconnaissance is a slow scan, in which the search and spread are stretched over several months and mixed with large volumes of normal live traffic. The method is very simple, but it is effective at evading common firewalls and NIDSs. In this paper, we focus on slow scan activities and propose a simple and efficient approach to detecting a slow scan within live network traffic using Bayesian decision making. Our method makes it possible to detect a slow scan as early as possible and to quickly stop attackers from reconnoitering the internal network.