| Presentation | 2007-07-20 Orthogonal expansion of port-scan packets Tomohiro KOBORI, Hiroaki KIKUCHI, Masato TERADA, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Observation of port-scan packets performed over the Internet is involved with so many parameters including time, port numbers, source and destination addresses. There are some common port numbers to which many malicious codes likely use to scan, but a relationship between port numbers and the malicious codes are not clearly identified. In this paper, we propose a new attempt to figure characteristics of port-scans observed from distributed many sensors. Our method allows 1) analysis of sensors with few significiant factors extracted from an orthogonal expansion of port-scan packets, rather than taking care of all possible statistics of port numbers, 2) compression of packets data, computed by linear combination of limited number of orthogonal factors, and 3) approximation of number of scanning packets at arbitrarly specified sensor and ports, made from statistical correlation between port numbers. We also evaluate the accuracy of our proposed approximation algorithm based on actually observed packets. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | orthogonal expansion / port-scan / reconstruction of malicious access |
| Paper # | ISEC2007-51 |
| Date of Issue |
| Conference Information | |
| Committee | ISEC |
|---|---|
| Conference Date | 2007/7/13(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Information Security (ISEC) |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Orthogonal expansion of port-scan packets |
| Sub Title (in English) | |
| Keyword(1) | orthogonal expansion |
| Keyword(2) | port-scan |
| Keyword(3) | reconstruction of malicious access |
| 1st Author's Name | Tomohiro KOBORI |
| 1st Author's Affiliation | Couse of Information Engineering, Graduate School of Engineering Tokai University() |
| 2nd Author's Name | Hiroaki KIKUCHI |
| 2nd Author's Affiliation | Couse of Information Engineering, Graduate School of Engineering Tokai University |
| 3rd Author's Name | Masato TERADA |
| 3rd Author's Affiliation | Hitachi, Ltd. Hitachi Incident Response Team(HIRT) |
| Date | 2007-07-20 |
| Paper # | ISEC2007-51 |
| Volume (vol) | vol.107 |
| Number (no) | 141 |
| Page | pp.pp.- |
| #Pages | 7 |
| Date of Issue | |