Detecting network portscans through anomaly detection.

Thumbnail Image

Files

Primary SPIE_2004_5429_254.pdf (217.08 KB)

DOI

https://doi.org/10.7939/R38911S11

Date

2004

Author(s)

Kouritzin, Michael
Kim, Surrey
Sun, Wei
Kim, Hyukjoon

Citation for Previous Publication

J. Kim, S. Kim, M.A. Kouritzin, and W. Sun, "Detecting network portscans through anomaly detection", in Signal Processing, Sensor Fusion and Target Recognition XIII, the 2004 Proceedings of SPIE, 5429 (2004) 254-263. doi:10.1117/12.546127

Link to Related Item

Abstract

Description

In this note, we consider the problem of detecting network portscans through the use of anomaly detection. First, we introduce some static tests for analyzing traffic rates. Then, we make use of two dynamic chi-square tests to detect anomalous packets. Further, we model network traffic as a marked point process and introduce a general portscan model. Simulation results for correct detects and false alarms are presented using this portscan model and the statistical tests.

Item Type

http://purl.org/coar/resource_type/R60J-J5BD

Title

Detecting network portscans through anomaly detection.

Alternative

License

Other License Text / Link

Copyright 2004 Society of Photo Optical Instrumentation Engineers. One print or electronic copy may be made for personal use only. Systematic reproduction and distribution, duplication of any material in this paper for a fee or for commercial purposes, or modification of the content of the paper are prohibited.

Subject/Keywords

Chi-square test
Network portscan
Marked point process
Anomaly detection
Z-test

Language

en

Location

Time Period

Source

Collections

Research Publications (Mathematical and Statistical Sciences)