Frequently, port scans are early indicators of more serious attacks. Unfortunately, the detection of slow port scans in company networks is challenging due to the massive amount of network data. This paper proposes an innovative approach for preprocessing flow-based data which is specifically tailored to the detection of slow port scans. The preprocessing chain generates new objects based on flow-based data aggregated over time windows while taking domain knowledge as well as additional knowledge about the network structure into account. The computed objects are used as input for the further analysis. Based on these objects, we propose two different approaches for detection of slow port scans. One approach is unsupervised and uses sequentia...
This master's thesis is aimed at how network traffic can be monitored using IP flows. The description o...
Packet sampling is commonly deployed in high-speed backbone routers to minimize resources used for ne...
Network scans visualization provides very effective means for detection of large scale network scans...
Ports scan dataset contains approximately 50% benign flow data and 50% malicious flow data. Benign f...
ENGLISH: Today’s society relies on computer networks. More and more data of vital importance are tra...
Current Network Scan Detection Systems (NSDS) usually implement detection schemes which depend on ...
Attackers perform port scans to find reachability, liveness and running services in a system or netwo...
Accurately predicting network behavior is beneficial for TCP congestion control, and can help improv...
Scans are often used by adversaries to determine the potential weaknesses in a target network or sys...
Network security is more and more important today. Port and net scans are the typical preliminary ste...
In this paper, we present the design and implementation of a new approach for anomaly detection and ...
Scanning activity is a common activity on the Internet today, representing malicious activity such a...
One recent trend in network security attac...
There is widespread interest in the research community for new IP traffic classification techniques,...