Coordinated Scan Detection

Proceedings of the Symposium on Network and Distributed System Security, NDSS 2009

Volumn , Issue , 2009, Pages

  Gates, Carrie ^a  

^a Sterling Software   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ADVERSARY MODELING; COORDINATED ACTIVITY; COORDINATED ATTACK; DETECTION ALGORITHM; GAIN INFORMATION; INFORMATION GAIN; INFORMATION SPACES; MULTIPLE SOURCE; PORT SCANS; SET COVERING PROBLEM;

EID: 85180625485     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (29)

1. H. Akaike. Information theory as an extension of the maximum likelihood principle. In B. N. Petrov and F. Csaksi, editors, Proceedings of the 2nd International Symposium on Information Theory, pages 267 – 281, Budapest, Hungary, 1973.
2. D. R. (Anthraxx) and B. P. (Kolrabi). DScan software. http://www.u-n-f.com/dscan.html, 2002. Last visited: 2 July 2002.
3. S. Braynov and M. Jadliwala. Detecting malicious groups of agents. In Proceedings of the First IEEE Symposium on Multi-Agent Security and Survivability, Drexel University, Philadelphia, PA, USA, August 2004.
4. G. Conti and K. Abdullah. Passive visual fingerprinting of network attack tools. In Proceedings of 2004 CCS Workshop on Visualization and Data Mining for Computer Security, pages 45 – 54, Washington, DC, USA, October 2004.
5. G. Conti, M. Ahamad, and J. Stasko. Attacking information visualization system usability overloading and deceiving the human. In Symposium on Usable Privacy and Security, Pittsburgh, PA, USA, July 2005.
6. Fyodor. The art of port scanning. Phrack Magazine, 7(51), 1997.
7. C. Gates. Co-ordinated Port Scans: A Model, A Detector and an Evaluation Methodology. PhD thesis, Dalhousie University, Feb 2006.
8. C. Gates. A case study in testing a network security algorithm. In 4th International Conference on Testbeds and Research Infrastructures for the Development of Networks & Communities, Innsbruck, Austria, March 2008.
9. C. Gates, J. J. McNutt, J. B. Kadane, and M. Kellner. Scan detection on very large networks using logistic regression modeling. In Proceedings of the IEEE Symposium on Computers and Communications, Pula-Cagliari, Sardinia, Italy, June 2006.
10. J. Green, D. Marchette, S. Northcutt, and B. Ralph. Analysis techniques for detecting coordinated attacks and probes. In Proceedings of the Workshop on Intrusion Detection and Network Monitoring, Santa Clara, California, USA, April 1999. Usenix Association.
11. T. Grossman and A. Wool. Computational experience with approximation algorithms for the set covering problem. European Journal of Operational Research, 101(1):81 – 92, 1997.
12. hybrid. Distributed information gathering. Phrack Magazine, 9(55), 1999.
13. J. Jung, V. Paxson, A. W. Berger, and H. Balakrishnan. Fast portscan detection using sequential hypothesis testing. In Proceedings of the 2004 IEEE Symposium on Security and Privacy, pages 211 – 225, Oakland, California, USA, May 2004. IEEE Computer Society.
14. M. G. Kang, J. Caballero, and D. Song. Distributed evasive scan techniques and countermeasures. In Proceedings of Fourth GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment, Lucerne, Switzerland, July 2007.
15. C. Leckie and R. Kotagiri. A probabilistic approach to detecting network scans. In Proceedings of the 2002 IEEE Network Operations and Management Symposium, pages 359 – 372, Florence, Italy, April 2002.
16. R. E. Lee. Unicornscan. http://www.unicornscan.org/, 2007. Last visited: 12 December 2008.
17. Mixter. Network security analysis tools. http://nsat.sourceforge.net/, 2003. Last Visited: 9 November 2004.
18. C. X. Naval Surface Warfare Center, Dahlgren Division. Shadow indications technical analysis: Coordinated attacks and probes. http://www.nswc.navy.mil/ISSEC/CID/co-ordinated_analysis.txt, 1998. Last visited: 23 March 2002.
19. V. Paxson. Private communication between Carrie Gates and Vern Paxson, February, 2006.
20. S. Robertson, E. V. Siegel, M. Miller, and S. J. Stolfo. Surveillance detection in high bandwidth environments. In Proceedings of the 2003 DARPA DISCEX III Conference, pages 130 – 139, Washington, DC, April 2003.
21. S. Staniford. Intrusion correlation engine. http://www.silicondefense.com/research/ACM-tutorial-11-4-01.ppt, 2001. Powerpoint presentation on The Intrusion Correlation Engine from an ACM conference. Last visited: 13 January 2003.
22. S. Staniford, J. Hoagland, and J. McAlerney. Practical automated detection of stealthy portscans. Journal of Computer Security, 10(1):105 – 136, 2002.
23. S. Staniford, V. Paxson, and N. Weaver. How to 0wn the Internet in your spare time. In Proceedings of the 11th USENIX Security Symposium, pages 149 – 167, San Francisco, California, USA, August 2002. USENIX Association.
24. S. Staniford-Chen, S. Cheung, R. Crawford, M. Dilger, J. Frank, J. Hoagland, K. Levitt, C. Wee, R. Yip, and D. Zerkle. GrIDS – a graph based intrusion detection system for large networks. In Proceedings of the 19th National Information Systems Security Conference, pages 361 – 370, Baltimore, MD, USA, October 1996.
25. W. W. Streilein, R. K. Cunningham, and S. E. Webster. Improved detection of low-profile probe and denial-of-service attacks. In Proceedings of the 2001 Workshop on Statistical and Machine Learning Techniques in Computer Intrusion Detection, June 2001.
26. University of Southern California Information Sciences Institute. The DETER testbed: Overview. http://www.isi.edu/deter/docs/testbed.overview.pdf, 2004. Last Visited: 9 November 2004.
27. B. White, J. Lepreau, L. Stoller, R. Ricci, S. Guruprasad, M. Newbold, M. Hibler, C. Barb, and A. Joglekar. An integrated experimental environment for distributed systems and networks. In Proceedings of the Fifth Symposium on Operating Systems Design and Implementation, pages 255 – 270, Boston, MA, USA, December 2002. USENIX Association.
28. D. Whyte, P. van Oorschot, and E. Kramakis. Tracking darkports for network defense. In Proceedings of the 23rd Annual Computer Security Applications Conference, Miami Beach, Florida, December 2007.
29. V. Yegneswaran, P. Barford, and J. Ullrich. Internet intrusions: Global characteristics and prevalence. In Proceedings of the 2003 ACM Joint International Conference on Measurement and Modeling of Computer Systems, pages 138 – 147, San Diego, California, USA, June 2003.