New Sequential Methods for Detecting Portscanners
In this paper, we propose new sequential methods for detecting port-scan
attackers, which routinely perform random "portscans" of IP addresses to find
vulnerable servers to compromise. In addition to rigorously controlling the
probability of falsely implicating benign remote hosts as malicious, our method
performs significantly faster than other current solutions. Moreover, our
method guarantees that the maximum amount of observational time is bounded. In
contrast to the previous most effective method, the Threshold Random Walk
algorithm, which is explicit and analytical in nature, our proposed algorithm
involves parameters to be determined by numerical methods. We have developed
computational techniques such as iterative minimax optimization for quick
determination of the parameters of the new detection algorithm. A framework of
multi-valued decision for testing portscanners is also proposed.

Comment: 11 pages, 5 figures; the mathematical theory of the detection
algorithm has been presented at the SPIE conference.
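The abstract contrasts its method with the Threshold Random Walk (TRW) algorithm and stresses two properties a practitioner cares about: a controlled false-positive probability and a bounded observation time. The following added example (not code from the paper or its authors) implements the standard TRW sequential hypothesis test as published by Jung et al. (2004): each first-contact connection attempt from a remote host updates a log-likelihood ratio, and the host is declared a scanner or benign when the ratio crosses thresholds derived from the target false-positive rate alpha and false-negative rate beta. The `max_obs` truncation, the probability parameters `theta0`/`theta1`, and the sample connection records are assumptions constructed here to illustrate what "bounded observational time" means; they are not the paper's numerically tuned parameters.

```python
"""TRW-style sequential port-scan detection with a truncation bound.

Added example. The sequential test is the standard Threshold Random Walk
formulation (Jung et al., 2004); the truncation at max_obs observations is an
assumption added here to show a bounded observation window. It is not the
paper's own algorithm, whose parameters are determined numerically.
"""
import math
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class HostState:
    log_lr: float = 0.0                                 # running log-likelihood ratio
    first_contacts: Set[str] = field(default_factory=set)  # destinations already counted
    decision: Optional[str] = None                      # "scanner", "benign" or None


class TRWDetector:
    def __init__(self, alpha=0.01, beta=0.01, theta0=0.2, theta1=0.8, max_obs=20):
        # alpha bounds P(flag a benign host); beta bounds P(miss a scanner).
        # theta0/theta1: P(first contact fails | benign) and (| scanner) -- assumed values.
        self.upper = math.log((1 - beta) / alpha)        # crossing upward -> scanner
        self.lower = math.log(beta / (1 - alpha))        # crossing downward -> benign
        self.step_fail = math.log(theta1 / theta0)       # contribution of a failed contact
        self.step_ok = math.log((1 - theta1) / (1 - theta0))  # contribution of a success
        self.max_obs = max_obs                           # assumed truncation bound
        self.hosts: Dict[str, HostState] = {}

    def min_failures_to_flag(self) -> int:
        """Smallest number of consecutive failures that crosses the upper threshold."""
        return math.ceil(self.upper / self.step_fail)

    def observe(self, src: str, dst: str, failed: bool) -> Optional[str]:
        """Feed one connection attempt; return the host's decision so far (None = undecided)."""
        st = self.hosts.setdefault(src, HostState())
        # Only first contacts to a new destination count; repeats carry no evidence.
        if st.decision is not None or dst in st.first_contacts:
            return st.decision
        st.first_contacts.add(dst)
        st.log_lr += self.step_fail if failed else self.step_ok
        if st.log_lr >= self.upper:
            st.decision = "scanner"
        elif st.log_lr <= self.lower:
            st.decision = "benign"
        elif len(st.first_contacts) >= self.max_obs:
            # Bounded observation time: force a decision by the sign of the evidence.
            st.decision = "scanner" if st.log_lr > 0 else "benign"
        return st.decision


def classify(records: List[Tuple[str, str, bool]], **params) -> Dict[str, Optional[str]]:
    """Run the detector over (src, dst, failed) records and return a decision per source."""
    det = TRWDetector(**params)
    for src, dst, failed in records:
        det.observe(src, dst, failed)
    return {src: st.decision for src, st in det.hosts.items()}


# Constructed sample records (src, dst, failed); not real traffic.
SAMPLE = [
    ("10.0.0.5", "192.0.2.10", True),   # 10.0.0.5 probes five distinct hosts, all fail
    ("10.0.0.5", "192.0.2.11", True),
    ("10.0.0.5", "192.0.2.12", True),
    ("10.0.0.5", "192.0.2.13", True),
    ("10.0.0.5", "192.0.2.14", True),
    ("10.0.0.9", "192.0.2.20", False),  # 10.0.0.9 reaches four live services
    ("10.0.0.9", "192.0.2.21", False),
    ("10.0.0.9", "192.0.2.22", False),
    ("10.0.0.9", "192.0.2.23", False),
    ("10.0.0.7", "192.0.2.30", True),   # 10.0.0.7 has mixed evidence, stays undecided
    ("10.0.0.7", "192.0.2.31", True),
    ("10.0.0.7", "192.0.2.32", False),
]

if __name__ == "__main__":
    for src, decision in classify(SAMPLE).items():
        print(f"{src}: {decision}")
```

With alpha = beta = 0.01 and the assumed theta values, the upper threshold is log(99) and each failed first contact adds log(4), so four consecutive failures are enough to flag a host; the `max_obs` bound is what keeps a host whose evidence hovers near zero from being observed indefinitely.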