TITLE:
Two Pass Port Scan Detection Technique Based on Connection Pattern and Status on Sampled Data
AUTHORS:
Sunil Kumar, Kamlesh Dutta, Ankit Asati
KEYWORDS:
Port Scan, TRW, TAPS, CPST, Packet Sampling, Flow Sampling
JOURNAL NAME:
Journal of Computer and Communications, Vol.3 No.9, September 1, 2015
ABSTRACT: Anomaly detection is now very important in networks because, with the increasing use of the internet, the security of a network or user is a main concern of any network administrator. As the use of the internet increases, the chances of a threat or attack in the network increase day by day, and so does the traffic in the network. It is very difficult to analyse all the traffic data in a network to find anomalies, and sampling provides a way to analyse anomalies with less traffic data. In this paper, we propose a port scan detection approach called CPST, which uses the connection status and the pattern of connections to detect whether a particular source is a scanner or a benign host. We also show that this approach works efficiently under different sampling methods.