AOCD: An adaptive outlier based coordinated scan detection approach

International Journal of Network Security

Volumn 14, Issue 6, 2012, Pages 339-351

  Bhuyan, Monowar H ^a   Bhattacharyya, Dhruba Kr ^a   Kalita, Jugal K ^b  

^a TEZPUR UNIVERSITY   (India)

^b University of Colorado Colorado Springs   (United States)

Author keywords

Coordinated scans; Outlier detection; Port scan; Principal component analysis

Indexed keywords

ADAPTIVE NETWORKS; COORDINATED ATTACK; COORDINATED SCANS; DATA SETS; DETECTION ACCURACY; DETECTION APPROACH; FALSE POSITIVE RATES; OUTLIER DETECTION; PORT SCANS; TARGET MACHINES;

PRINCIPAL COMPONENT ANALYSIS;

STATISTICS;

EID: 84870694700     PISSN: 1816353X     EISSN: 18163548     Source Type: Journal    
DOI: None     Document Type: Article

References (30)

1. F Amiri, M M R Yousefi, C Lucas, A Shakery, and N Yazdani, "Mutual information-based feature se-lection for intrusion detection systems," Journal of Network and Computer Applications, vol. 34, no. 4, pp. 1184-1199, 2011.
2. James C Bezdek, Robert Ehrlich, and William Full, "FCM: The fuzzy c-means clustering algorithm," Computers & Geosciences, vol. 10, no. 2-3, pp. 191-203, 1984.
3. M H Bhuyan, D K Bhattacharyya, and J K Kalita, "NADO: Network anomaly detection using outlier approach," in Proceedings of the International Con-ference on Communication, Computing and Security, pp. 531-536. ACM, February 2011.
4. M H Bhuyan, D K Bhattacharyya, and J K Kalita, "Surveying port scans and their detection method-ologies," The Computer Journal, vol. 54, no. 10, pp. 1565-1581, 2011.
5. Sviatoslav Braynov and Murtuza Jadliwala, "Detect-ing Malicious Groups of Agents," in Proceedings of the 1st IEEE Symposium on Multi-Agent Security and Survivability, pp. 90-99. IEEE CS, 2004.
6. S Staniford Chen, S Cheung, R Crawford, M Dilger, J Frank, J Hoagland, K Levitt, C Wee, R Yip, and D Zerkle, "Grids: a graph based intrusion detection system for large networks," in Proceedings of the 19th National Information Systems Security Conference, pp. 361-370, USA, October 1996.
7. Kim Kwang Raymond Choo, "The cyber threat land-scape: Challenges and future research directions," Computers & Security, vol. 30, no. 8, pp. 719-731, 2011.
8. Gregory Conti and Kulsoom Abdullah, "Passive vi-sual fingerprinting of network attack tools," in Pro-ceedings of the CCS Workshop on Visualization and Data Mining for Computer Security, pp. 45-54, Washington, USA, October 2004.
9. Marco De-Vivo, Eddy Carrasco, Germinal Isern, and Gabriela O de Vivo, "A review of port scanning tech-niques," SIGCOMM Computer Communication Re-view, vol. 29, no. 2, pp. 41-48, 1999.
10. Roya Ensafi, Jong Chun Park, Deepak Kapur, and Jedidiah R. Crandall, "Idle port scanning and non-interference analysis of network protocol stacks using model checking," in Proceedings of the 19th USENIX conference on Security, pp. 1-17, Berkeley, USA, 2010.
11. Vincenzo Falletta and Fabio Ricciato, "Detecting scanners: Empirical assessment on 3g network," International Journal of Network Security, vol. 9, pp. 143-155, September 2009.
12. Carrie Gates. Co-ordinated Port Scans: A Model, A Detector and An Evaluation Methodology. PhD thesis, Dalhousie University, Halifax, Nova Scotia, February 2006.
13. Shi Jinn Horng, Ming Yang Su, Yuan Hsin Chen, Tzong Wann Kao, Rong Jian Chen, Jui Lin Lai, and Citra Dwi Perkasa, "A novel intrusion detection system based on hierarchical clustering and support vector machines," Expert Systems with Applications, vol. 38, pp. 306-313, January 2011.
14. hybrid@hotmail.com, "Distributed information gathering," Phrack Magazine, Article 9, vol. 9, no. 55, 1999.
15. Jaeyeon Jung, Vern Paxson, Arthur W Berger, and Hari Balakrishnan, "Fast portscan detection using sequential hypothesis testing," in Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2004
16. KDDCUP99. "Winning strategy in kdd99,". http://kdd.ics.uci.edu/databases/kddcup99/ kdd-cup99.html, October 28 1999.
17. Zaiqiang Liu, Dongdai Lin, and Fengdeng Guo, "A method for locating digital evidences with outlier de-tection using support vector machine," International Journal of Network Security, vol. 6, pp. 301-308, May 2008.
18. Prabhaker Mateti. "Internet security,". http://www.cs.wright.edu/pmateti/Internet-Security/Lectures/Probing/inde x.html. Wright State University.
19. Bimal Kumar Mishra and Gholam Mursalin Ansari, "Differential epidemic model of virus and worms in computer network," International Journal of Net-work Security, vol. 14, pp. 149-155, May 2012.
20. Yaling Pei, Osmar R Zaiane, and Yong Gao, "An efficient reference-based approach to outlier detection in large datasets," in Proceedings of the Sixth Inter-national Conference on Data Mining, pp. 478-487, Washington, USA, 2006. IEEE CS.
21. Komsit Prakobphol and Justin Zhan, "A novel out-lier detection scheme for network intrusion detec-tion systems," in Proceedings of the International Conference on Information Security and Assurance, pp. 555-560, Washington, USA, 2008. IEEE CS.
22. Seth Robertson, Eric V Siegel, Matt Miller, and Sal-vatore J Stolfo, "Surveillance detection in high band-width environments," in Proceedings of the DARPA DISCEX III Conference, pp. 130-139, Washington, April 2003.
23. Bruce Schneier, Applied cryptography : protocols, al-gorithms, and source code in C. New York, USA: John Wiley & Sons, 2nd edition, 1995.
24. M L Shyu, S C Chen, K Sarinnapakorn, and L Chang, "A novel anomaly detection scheme based on principal component classifier," in Proceedings of the IEEE Foundations and New Directions of Data Mining Workshop, in conjunction with ICDM'03, pp. 171-179, 2003.
25. Himanshu Singh and Robert Chun. "Distributed port scan detection,". in Handbook of Information and Communication Security, pp. 221-234. 2010.
26. David Whyte. Network Scanning Detection Strate-gies for Enterprise Networks. PhD thesis, School of Computer Science, Carleton University, September 2008.
27. Vinod Yegneswaran, Paul Barford, and Johannes Ullrich, "Internet intrusions: Global characteristics and prevalence," in Proceedings of the ACM Joint International Conference on Measurement and Mod-eling of Computer Systems, pp. 138-147, California, USA, June 2003.
28. Hao Lan Zhang. Agent-based open connectivity for decision support systems. PhD thesis, School of Com-puter Science and Mathematics, Victoria University, 2007.
29. Jiong Zhang and Mohammad Zulkernine, "Anomaly based network intrusion detection with unsupervised outlier detection," in Proceedings of the IEEE In-ternational Conference on Communications, vol. 5, pp. 2388-2393, June 2006.
30. Zonghua Zhang, Hong Shen, and Yingpeng Sang, "An observation-centric analysis on the modeling of anomaly-based intrusion detection," International Journal of Network Security, vol. 4, pp. 292-305, May 2007.