Detecting Stealthy Spreaders by Random Aging Streaming Filters

MyungKeun YOON
Shigang CHEN

IEICE TRANSACTIONS on Communications, Vol.E94-B, No.8, pp.2274-2281
Publication Date: 2011/08/01
Online ISSN: 1745-1345
DOI: 10.1587/transcom.E94.B.2274
Print ISSN: 0916-8516
Type of Manuscript: PAPER
Category: Internet
Keywords: network security, intrusion detection, spreader detection, port scan, anomaly detection

Detecting spreaders, or scan sources, helps intrusion detection systems (IDSs) identify potential attackers. Existing work can only detect aggressive spreaders that scan a large number of distinct destinations in a short period of time. However, stealthy spreaders may deliberately scan at a low rate. We observe that these spreaders can easily evade detection because current IDSs have serious limitations. Being lightweight, the proposed scheme can detect scan sources in high-speed networks while residing in SRAM. By theoretical analysis and experiments on real Internet traffic traces, we demonstrate that the proposed scheme detects stealthy spreaders successfully.