Paper Abstract and Keywords |
Presentation |
2011-03-01 15:25
Scan Detection Method Based on Multi-Point Observation Kei Higashijima, Daiki Nobayashi, Yutaka Nakamura, Takeshi Ikenaga (KIT), Shunji Abe, Shigeo Urushidani, Shigeki Yamada (NII) SITE2010-66 IA2010-102 |
Abstract |
(in Japanese) |
(See Japanese page) |
(in English) |
The Internet is important infrastructure of the social foundation.
The attacks to the Internet which obstruct stable operation are appearing.
In order to achieve stable operation of the Internet, we should detect these attacks rapidly.
The attacker scans to the target host as a feasibility study before the actual attack.Therefore, we can work out countermeasure by detecting the scan from the attacker.
However, it is difficult for the manager to distinguish whether normal traffic or scan attack,
because slow scan is limited packet and bandwidth.
We propose the new method in cooperation with the result of multi-site measurement to detect these scans.
Our aim is to extracting the attacking hosts to the multi-site.
As the result of traffic analysis, we could detect the multi-site attacking hosts.
In the 10 minutes measurement data, our proposed algorithm showed that 23 sites need to cooperate.
In the 1 minute measurement data, we showed that 84 sites need to cooperate. |
Keyword |
(in Japanese) |
(See Japanese page) |
(in English) |
Portscan / Scan Dtection / Multi-Point Observation / Network Security / / / / |
Reference Info. |
IEICE Tech. Rep., vol. 110, no. 430, IA2010-102, pp. 225-230, Feb. 2011. |
Paper # |
IA2010-102 |
Date of Issue |
2011-02-21 (SITE, IA) |
ISSN |
Print edition: ISSN 0913-5685 Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
Download PDF |
SITE2010-66 IA2010-102 |
|