Large enterprises are nowadays complex interconnected software systems spanning several domains. This new dimension makes it difficult for enterprises to deploy efficient security defenses. This paper addresses the problem of detecting inter-domain stealthy port scans and proposes an architecture for an Intrusion Detection System that uses, for this purpose, an open source Complex Event Processing engine named Esper. Esper provides low cost of ownership and high flexibility. The architecture consists of software sensors deployed at different enterprise domains. Each sensor sends events to the Esper event processor for correlation. We implemented an algorithm for the detection of inter-domain SYN port scans named Rank-based SYN (...
The vulnerabilities existing in the Internet such as insecure network architectures are exploited to...
The unprecedented growth in technology has increased the importance of the required information secu...
Abstract. Computer virus and worms perform randomly spyware and port-scanning to find a vulnerabilit...
We describe an Internet-based collaborative environment that protects geographically dispersed organ...
In this paper we analyze the coordinated port scan attack where a single adversary coordinates a Gro...
Prior to exploiting a vulnerable service, adversaries perform a port scan to detect open ports on a ...
Port scans are typically at the beginning of a chain of events that will lead to the attack and exploita...
Currently, IP networks are constantly harmed by several attack techniques such as port scans, denial...
Port scanning is prevalent in today’s Internet and often has malicious intent. Although many algo-ri...
It is well known that intrusion detection systems can make smarter decisions if the context of the t...
Studies show that a significant portion of networked computers are infected with stealthy malware. ...
Nowadays, network technologies are essential for transferring and storing vari...
Current firewalls and intrusion detection systems are generally designed to protect a single gateway...
Considerable research has been done on detecting and blocking portscan activities that are typicall...
Scans are often used by adversaries to determine the potential weaknesses in a target network or sys...