For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
Detecting Stealthy Spreaders by Random Aging Streaming Filters
IEICE TRANSACTIONS on Communications
Publication Date: 2011/08/01
Online ISSN: 1745-1345
Print ISSN: 0916-8516
Type of Manuscript: PAPER
network security, intrusion detection, spreader detection, port scan, anomaly detection,
Full Text: PDF(548.6KB)>>
Detecting spreaders, or scan sources, helps intrusion detection systems (IDS) identify potential attackers. The existing work can only detect aggressive spreaders that scan a large number of distinct destinations in a short period of time. However, stealthy spreaders may perform scanning deliberately at a low rate. We observe that these spreaders can easily evade the detection because current IDS's have serious limitations. Being lightweight, the proposed scheme can detect scan sources in high speed networking while residing in SRAM. By theoretical analysis and experiments on real Internet traffic traces, we demonstrate that the proposed scheme detects stealthy spreaders successfully.