Abstract
Port scans aim to detect the services running on a computer to find vulnerabilities of a computer. Although detecting port scans using a database system is possible, it requires too much space and computational overhead and is not feasible under high load. In this paper, we propose space-efficient structures to detect parameterized versions of port scans. We investigate both exact and approximate structures for the problems. Proposed schemes are lightweight, require low space overhead, low computational overhead and can handle high load.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Alon, N., Matias, Y., Szegedy, M.: The space complexity of approximating the frequency moments. Journal of Computer and System Sciences 58(1), 137–147 (1999)
Amer-Yahia, S., Johnson, T.: Optimizing queries on compressed bitmaps. In: The VLDB Journal, pp. 329–338 (2000)
Antoshenkov, G.: Byte-aligned bitmap compression. In: Data Compression Conference, Oracle Corp, Nashua, NH (1995)
Apaydin, T., Canahuate, G., Ferhatosmanoglu, H., Tosun, A.Ş.: Approximate encoding for direct access and query processing over compressed streams. In: 32nd International Conference on Very Large Data Bases, pp. 457–846 (2006)
Bar-Yossef, Z., Jayram, T.S., Kumar, R., Sivakumar, D., Trevisan, L.: Counting distinct elements in a data stream. In: RANDOM (2002)
Bloom, B.: Space/time tradeoffs in hash coding with allowable errors. Communications of the ACM 13(7), 422–426 (1970)
Broder, A., Mitzenmacher, M.: Network Applications of Bloom Filters: A Survey. In: Proceedings of the 40th Annual Allerton Conference on Communication, Control, and Computing, pp. 636–646 (2002)
Chan, C.Y., Ioannidis, Y.E.: Bitmap index design and evaluation. In: Proceedings of the 1998 ACM SIGMOD international conference on Management of data, pp. 355–366. ACM Press, New York (1998)
Chan, C.Y., Ioannidis, Y.E.: An efficient bitmap encoding scheme for selection queries. SIGMOD Rec. 28(2), 215–226 (1999)
Feng, W.c., Kandlur, D.D., Saha, D., Shin, K.G.: Stochastic Fair Blue: A Queue Management Algorithm for Enforcing Fairness. In: Proc. of INFOCOM, vol. 3, p. 1520–1529 (April 2001)
Durand, M., Flajolet, P.: Loglog counting of large cardinalities. In: Di Battista, G., Zwick, U. (eds.) ESA 2003. LNCS, vol. 2832, Springer, Heidelberg (2003)
Fan, L., Cao, P., Almeida, J., Broder, A.: Summary Cache: A Scalable Wide-Area Web Cache Sharing Protocol. In: IEEE/ACM Transactions on Networking, Canada, ACM Press, New York (2000)
Fan, L., Cao, P., Almeida, J., Broder, A.: Web cache sharing. Collaborating Web caches use bloom filter to represent local set of cached files to reduce the netwrok traffic. In: IEEE/ACM Transactions on Networking, ACM Press, New York (2000)
Flajolet, P., Martin, G.N.: Probabilistic counting algorithms for database applications. Journal of Computer and System Sciences 31(2) (1985)
Koudas, N.: Space efficient bitmap indexing. In: Proceedings of the ninth international conference on Information and knowledge management, pp. 194–201. ACM Press, New York (2000)
Kumar, A., Xu, J.J., Wang, J., Li, L.: Algorithms: Space-code bloom filter for efficient traffic flow measurement. In: Proceedings of the 2003 ACM SIGCOMM conference on Internet measurement, October 2003, ACM Press, New York (2003)
Mishra, P., Eich, M.H.: Join processing in relational databases. In: ACM Computing Surveys (CSUR), March 1992, ACM Press, New York (1992)
Mullin, J.K.: Estimating the size of joins in distributed databases where communication cost must be maintained low. In: IEEE Transactions on Software Engineering, IEEE Computer Society Press, Los Alamitos (1990)
Mullin, J.K.: Optimal semijoins for distributed database systems. IEEE Transactions on Software Engineering 16, 558–560 (1990)
O’Neil, P.E., Quass, D.: Improved query performance with variant indexes. In: Proceedings of the 1997 ACM SIGMOD international conference on Management of data, pp. 38–49. ACM Press, New York (1997)
Snoeren, A.C.: Hash-based IP traceback. In: ACM SIGCOMM Computer Communication Review, ACM Press, New York (2001)
Snoeren, A.C., Partridge, C., Sanchez, L.A., Jones, C.E., Tchakountio, F., Schwartz, B., Kent, S.T., Strayer, W.T.: IP Traceback to record packet digests traffic forwarded by the routers. IEEE/ACM Transactions on Networking (TON) (December 2002)
Stockinger, K.: Bitmap indices for speeding up high-dimensional data analysis. In: Proceedings of the 13th International Conference on Database and Expert Systems Applications, pp. 881–890. Springer, Heidelberg (2002)
Whitaker, A., Wetherall, D.: Detecting loops in small networks. In: 5th IEEE Conference on Open Architectures and Network Programming (OPENARCH) (June 2002)
Wu, K., Otoo, E.J., Shoshani, A.: A performance comparison of bitmap indexes. In: Proc. Conf. on 10th International Conference on Information and Knowledge Management, pp. 559–561. ACM Press, New York (2001)
Wu, K., Otoo, E.J., Shoshani, A.: Compressing bitmap indexes for faster search operations. In: SSDBM, Edinburgh, Scotland, pp. 99–108 (July 2002)
Wu, M.C.: Query optimization for selections using bitmaps. In: Proceedings of the 1999 ACM SIGMOD international conference on Management of data, pp. 227–238. ACM Press, New York (1999)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Tosun, A.Ş. (2007). Space-Efficient Structures for Detecting Port Scans. In: Wagner, R., Revell, N., Pernul, G. (eds) Database and Expert Systems Applications. DEXA 2007. Lecture Notes in Computer Science, vol 4653. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74469-6_13
Download citation
DOI: https://doi.org/10.1007/978-3-540-74469-6_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74467-2
Online ISBN: 978-3-540-74469-6
eBook Packages: Computer ScienceComputer Science (R0)