Abstract
Before intruding into a system, attackers need to collect information about the target machine. Port scanning is one of the most popular techniques for that purpose: it allows an attacker to discover services that may be exploited. In this paper we propose an accurate port scan detection method that detects port scanning attacks earlier and with higher reliability than the widely used Snort-based approaches. Our method is profile-based, meaning that it does not merely set a threshold on the number of connection attempts in a given time interval, as most current methods do, but builds an IP profile from four features, which enables a more fine-grained detection. We use the Budapest node of the FIWARE Lab community cloud as a natural honeypot to identify malicious activities in it.
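To make the difference between a threshold-only detector and a per-IP profile concrete, the following added example (not code from the paper) contrasts the two on a constructed traffic sample. The abstract does not list the four profile features, so the ones used here (attempt count, number of distinct destination ports, number of distinct destination hosts, and the fraction of attempts whose handshake never completed) are assumptions chosen for illustration, as are the thresholds and the IP addresses:

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Attempt:
    """One observed TCP connection attempt (constructed, not captured data)."""
    ts: float        # seconds since start of capture
    src: str         # source IP
    dst: str         # destination IP
    dport: int       # destination port
    completed: bool  # True if the three-way handshake completed


# Constructed sample: a busy but legitimate client plus a slow scanner.
SAMPLE = (
    # legitimate client: 12 successful connections within 12 s to ports 80/443 of one host
    [Attempt(1.0 + i, "10.0.0.5", "192.0.2.10", 443 if i % 2 else 80, True)
     for i in range(12)]
    # slow scanner: one attempt every 10 s, each to a new port, spread over two hosts,
    # none of which completes the handshake
    + [Attempt(1.0 + 10 * i, "198.51.100.7",
               "192.0.2.10" if i < 3 else "192.0.2.11", 20 + i, False)
       for i in range(6)]
)


def threshold_detector(attempts, window=30.0, limit=10):
    """Threshold-only rule: flag a source with more than `limit` attempts in any
    `window`-second span, regardless of what those attempts looked like."""
    by_src = defaultdict(list)
    for a in attempts:
        by_src[a.src].append(a.ts)
    flagged = set()
    for src, times in by_src.items():
        times.sort()
        j = 0  # left edge of the sliding window
        for i, t in enumerate(times):
            while times[j] < t - window:
                j += 1
            if i - j + 1 > limit:
                flagged.add(src)
                break
    return flagged


@dataclass
class Profile:
    """Per-source profile built from the (assumed) four features."""
    attempts: int = 0
    ports: set = field(default_factory=set)
    hosts: set = field(default_factory=set)
    failures: int = 0

    def failure_ratio(self):
        return self.failures / self.attempts if self.attempts else 0.0


def build_profiles(attempts):
    profiles = defaultdict(Profile)
    for a in attempts:
        p = profiles[a.src]
        p.attempts += 1
        p.ports.add(a.dport)
        p.hosts.add(a.dst)
        if not a.completed:
            p.failures += 1
    return profiles


def profile_detector(attempts, min_ports=5, min_hosts=3, min_fail=0.8):
    """Profile rule: flag a source whose attempts mostly fail AND that touches
    many distinct ports (vertical scan) or many distinct hosts (horizontal scan)."""
    return {
        src for src, p in build_profiles(attempts).items()
        if p.failure_ratio() >= min_fail
        and (len(p.ports) >= min_ports or len(p.hosts) >= min_hosts)
    }


def first_alert(attempts, detector):
    """Replay attempts in time order and report, per flagged source, how many of
    its attempts had been seen when the detector first raised an alert."""
    order = sorted(attempts, key=lambda a: a.ts)
    seen = defaultdict(int)
    result = {}
    for i, a in enumerate(order):
        seen[a.src] += 1
        if a.src not in result and a.src in detector(order[: i + 1]):
            result[a.src] = seen[a.src]
    return result


if __name__ == "__main__":
    print("threshold:", first_alert(SAMPLE, threshold_detector))  # {'10.0.0.5': 11}
    print("profile:  ", first_alert(SAMPLE, profile_detector))    # {'198.51.100.7': 5}
```

On this sample the threshold rule fires on the legitimate client after its 11th connection and never notices the scanner, whose attempts are too spread out to exceed the count; the profile rule ignores the client (two ports, one host, no failures) and flags the scanner after its fifth attempt, because the combination of many distinct ports and a 100% failure ratio is characteristic of scanning rather than of volume.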
During this work, Dr. Laki was also with Wigner Research Centre for Physics of the Hungarian Academy of Sciences.
Dr. Kiss was also with J. Selye University, Komárno, Slovakia.
Acknowledgment
The authors thank Ericsson Ltd. for support via the ELTE CNL collaboration. Sándor Laki also thanks the partial support of the EU FP7 FI-CORE project. This publication is the partial result of the Research & Development Operational Programme for the project “Modernisation and Improvement of Technical Infrastructure for Research and Development of J. Selye University in the Fields of Nanotechnology and Intelligent Space”, ITMS 26210120042, co-funded by the European Regional Development Fund.
© 2017 Springer International Publishing AG
Cite this paper
Hajdú-Szücs, K., Laki, S., Kiss, A. (2017). A Profile-Based Fast Port Scan Detection Method. In: Nguyen, N., Papadopoulos, G., Jędrzejowicz, P., Trawiński, B., Vossen, G. (eds) Computational Collective Intelligence. ICCCI 2017. Lecture Notes in Computer Science(), vol 10448. Springer, Cham. https://doi.org/10.1007/978-3-319-67074-4_39
DOI: https://doi.org/10.1007/978-3-319-67074-4_39
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-67073-7
Online ISBN: 978-3-319-67074-4
eBook Packages: Computer Science (R0)