C simple TCP SYN port scanner
9/23/2023

Frequently, port scans are early indicators of more serious attacks. Unfortunately, the detection of slow port scans in company networks is challenging due to the massive amount of network data. This paper proposes an innovative approach for preprocessing flow-based data which is specifically tailored to the detection of slow port scans. The preprocessing chain generates new objects based on flow-based data aggregated over time windows while taking domain knowledge as well as additional knowledge about the network structure into account. The computed objects are used as input for the further analysis. Based on these objects, we propose two different approaches for detection of slow port scans. One approach is unsupervised and uses sequential hypothesis testing whereas the other approach is supervised and uses classification algorithms. We compare both approaches with existing port scan detection algorithms on the flow-based CIDDS-001 data set.
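An added sketch, not code from the paper or from this page, of the idea described above: flows are aggregated into per-source, per-window objects, and a sequential hypothesis test whose state carries across windows flags a source that probes slowly. The flow tuple layout, the probabilities, the error rates and all function names are assumptions, and the test is a generic sequential probability ratio test rather than the paper's exact method.

```python
import math
from collections import defaultdict

# Constructed flow records: (unix_ts, src_ip, dst_ip, dst_port, answered).
# answered=True means the flow saw a reply; False means no reply or a reset.
def sample_flows():
    flows = []
    # Slow source: one unanswered probe every 30 minutes, each to a new port.
    for i in range(8):
        flows.append((i * 1800, "192.0.2.10", "198.51.100.5", 20 + i, False))
    # Ordinary client: repeated answered connections plus a single failure.
    for i in range(8):
        flows.append((i * 1700 + 5, "192.0.2.20", "198.51.100.7", 443, True))
    flows.append((4000, "192.0.2.20", "198.51.100.8", 8080, False))
    return flows

def aggregate(flows, window=3600):
    """Build one object per (src, window): first-contact counts by outcome."""
    seen = defaultdict(set)             # src -> (dst, port) already contacted
    objs = defaultdict(lambda: [0, 0])  # (src, window) -> [answered, unanswered]
    for ts, src, dst, port, ok in sorted(flows):
        if (dst, port) in seen[src]:
            continue                    # repeats add no new evidence
        seen[src].add((dst, port))
        objs[(src, ts // window)][0 if ok else 1] += 1
    return objs

def detect(objs, p_ok_benign=0.8, p_ok_scan=0.2, alpha=0.01, beta=0.99):
    """Sequential test per source; the log-likelihood ratio is never reset
    between windows, so widely spaced probes still accumulate."""
    upper = math.log(beta / alpha)
    lower = math.log((1 - beta) / (1 - alpha))
    llr, verdict = defaultdict(float), {}
    for (src, win), (ok, fail) in sorted(objs.items(), key=lambda kv: kv[0][1]):
        if src in verdict:
            continue
        llr[src] += ok * math.log(p_ok_scan / p_ok_benign)
        llr[src] += fail * math.log((1 - p_ok_scan) / (1 - p_ok_benign))
        if llr[src] >= upper:
            verdict[src] = ("scanner", win)
        elif llr[src] <= lower:
            verdict[src] = ("benign", win)
    return verdict

if __name__ == "__main__":
    print(detect(aggregate(sample_flows())))
```

A per-window counter that resets every hour would see only two probes per window from the slow source; carrying the ratio across windows is what lets the evidence add up.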