In this thesis, I present a method for efficiently detecting TCP port scans on very high-speed links. The main idea of this method is to discard most of the handshake packets without loss in accuracy. With two Bloom filters that track active destinations and TCP handshakes, the algorithm can easily discard about 80% of all handshake packets with negligible loss in accuracy. This significantly reduces both the memory requirements and CPU cost. Next, I present my own extension of this algorithm, which significantly reduces the number of false positives caused by the lack of communication from the server to the client. Finally, I evaluated this algorithm using packet traces and live traffic from CESNET. The result showed that this method requi...
Scans are often used by adversaries to determine the potential weaknesses in a target network or sys...
This paper presents a family of bitmap algorithms that address the problem of counting the number o...
The rise of commodity servers equipped with high-speed network interface cards poses increasing dema...
Port scans are continuously used by both worms and human attackers to probe for vulnerabilities in I...
In this thesis, I will present an efficient method for detecting TCP port scans in high-speed net...
Considerable research has been done on detecting and blocking portscan activities that are typicall...
Port scanning is prevalent in today’s Internet and often has malicious intent. Although many algo-ri...
Packet sampling is commonly deployed in high-speed backbone routers to minimize resources used for ne...
We propose in this paper an on-line algorithm based on Bloom filters to detect...
Frequently, port scans are early indicators of more serious attacks. Unfortunately, the detection of...
Network measurement at 10+Gbps speeds imposes many restrictions on the resource consumption of the m...
Network security is more and more important today. Port and net scan are the typical preliminary ste...
Since the link rate is very high up to 40Gbps these days, scanning packets can spread very fast. At ...
In this paper we address the problem of counting the number of distinct header patterns (flows) seen...