eCite Digital Repository

A context aware scan detection system

Citation

Scanlan, JD and Hartnett, JS, A context aware scan detection system, International Journal of Computer Science and Network Security, 8, (No1, January 2008) EJ ISSN 1738-7906 (2008) [Refereed Article]



Copyright Statement

Copyright 2008 International Journal of Computer Science and Network Security

Official URL: http://paper.ijcsns.org/07_book/200801/20080112.pd...

Abstract

It is well known that intrusion detection systems can make smarter decisions if the context of the traffic being observed is known. This paper examines whether an attack detection system, looking at traffic as it arrives at gateways or firewalls, can make smarter decisions if the context of attack patterns across a class of IP addresses is known. A system that detects and forestalls the continuation of both fast attacks and slow attacks across several IP addresses is described and the development of heuristics both to ban activity from hostile IP addresses and then lift these bans is illustrated. The system not only facilitates detection of methodical multiple gateway attacks, but also acts to defeat the attack before penetration can occur.

Item Details

Item Type: Refereed Article
Keywords: intrusion detection, scan correlation, prevention
Research Division: Information and Computing Sciences
Research Group: Computer Software
Research Field: Computer System Security
Objective Division: Information and Communication Services
Objective Group: Communication Networks and Services
Objective Field: Communication Networks and Services not elsewhere classified
Author: Scanlan, JD (Dr Joel Scanlan)
Author: Hartnett, JS (Mrs Jacky Hartnett)
ID Code: 54147
Year Published: 2008
Deposited By: Information and Communication Technology
Deposited On: 2009-02-11
Last Modified: 2014-12-09
Downloads: 0
