2008 IEEE International Conference on Signal Image Technology and Internet Based Systems 2008
DOI: 10.1109/sitis.2008.33
|View full text |Cite
|
Sign up to set email alerts
|

Detection of TCP SYN Scanning Using Packet Counts and Neural Network

Abstract: Port Scanning is used by malicious users to map the characteristics of a network to launch further attacks. Hence, detection of port scanning assumes paramount importance. This paper investigates the effectiveness of using counts of various TCP control packets in detecting TCP SYN scanning on a single machine. The behavioural characteristics of TCP control packets are aggregated. A Neural Network is trained to capture this behaviour for normal as well as port scan data. It is seen from the investigation that t… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
11
0

Year Published

2011
2011
2021
2021

Publication Types

Select...
6
2
1

Relationship

0
9

Authors

Journals

citations
Cited by 17 publications
(11 citation statements)
references
References 10 publications
0
11
0
Order By: Relevance
“…More specifically, the authors propose various techniques that correspond to both the misuse detection and anomaly detection. In [2], the authors used a large amount of the different TCP control packets as input for Back Propagation algorithm so as to detect port scans. The learning phase was supported by a training set that contains normal traffic and port scanning attacks.…”
Section: Related Workmentioning
confidence: 99%
“…More specifically, the authors propose various techniques that correspond to both the misuse detection and anomaly detection. In [2], the authors used a large amount of the different TCP control packets as input for Back Propagation algorithm so as to detect port scans. The learning phase was supported by a training set that contains normal traffic and port scanning attacks.…”
Section: Related Workmentioning
confidence: 99%
“…More specifically, the authors proposed techniques that correspond to both the anomaly detection and misuse detection. In [7], the researchers used the number of the different TCP control packets and SYN as input for Back Propagation algorithm in order to detect port scans.…”
Section: Literature Reviewmentioning
confidence: 99%
“…In [6], [7], [10], [11] and [13], researchers used some algorithms to detect port scanning attack in network, where some them used data mining technique and others used fuzzy based algorithm. But the problem with existing techniques are, they consider all the scan as a attack while in any network most of scanning are used by system connect () method to establish the communication between client and server.…”
Section: Figure 5 Structure Of Snort Rule Headermentioning
confidence: 99%
“…More specifically, the authors propose techniques that correspond to both the misuse detection and anomaly detection. In [7], the authors used the number of the different TCP control packets as input for Back Propagation algorithm in order to detect port scans. The learning phase was based on a training set that contains normal traffic and port scanning attacks.…”
Section: Related Workmentioning
confidence: 99%