eCite Digital Repository
A context aware scan detection system
Citation
Scanlan, JD and Hartnett, JS, A context aware scan detection system, International Journal of Computer Science and Network Security, 8, (No1, January 2008) EJ ISSN 1738-7906 (2008) [Refereed Article]
Copyright Statement
Copyright 2008 International Journal of Computer Science and Network Security
Official URL: http://paper.ijcsns.org/07_book/200801/20080112.pd...
Abstract
It is well known that intrusion detection systems can make
smarter decisions if the context of the traffic being observed is
known. This paper examines whether an attack detection system,
looking at traffic as it arrives at gateways or firewalls, can make
smarter decisions if the context of attack patterns across a class
of IP addresses is known. A system that detects and forestalls the
continuation of both fast attacks and slow attacks across several
IP addresses is described and the development of heuristics both
to ban activity from hostile IP addresses and then lift these bans
is illustrated. The system not only facilitates detection of
methodical multiple gateway attacks, but also acts to defeat the
attack before penetration can occur.
Item Details
Item Type: | Refereed Article |
---|---|
Keywords: | intrusion detection, scan correlation, prevention |
Research Division: | Information and Computing Sciences |
Research Group: | Cybersecurity and privacy |
Research Field: | Cybersecurity and privacy not elsewhere classified |
Objective Division: | Information and Communication Services |
Objective Group: | Communication technologies, systems and services |
Objective Field: | Communication technologies, systems and services not elsewhere classified |
UTAS Author: | Scanlan, JD (Dr Joel Scanlan) |
UTAS Author: | Hartnett, JS (Mrs Jacky Hartnett) |
ID Code: | 54147 |
Year Published: | 2008 |
Deposited By: | Information and Communication Technology |
Deposited On: | 2009-02-11 |
Last Modified: | 2014-12-09 |
Downloads: | 0 |