DeepPort: Detect Low Speed Port Scan Using Convolutional Neural Network

Conference paper. Part of the book series: Communications in Computer and Information Science (CCIS, volume 951)

Abstract

Port scanning is a widely used reconnaissance technique that aims to determine remotely which services are running on a target's TCP/UDP ports. Current research has achieved acceptable performance in detecting conventional port scanning using handcrafted features such as packet receiving rate, count of requested ports and packet arrival time distribution. However, advanced attacks such as APTs usually employ low-speed scans to lower the risk of exposure. Precisely detecting a low-speed scan is a challenge, since its features are much coarser and hard for current approaches to match. We propose a novel method, DeepPort, to solve this problem. DeepPort first filters out the majority of normal packets using their well-defined features. It then detects port scans using features learned by a dedicated Convolutional Neural Network (CNN) trained on real scanning packets captured under various time-interval configurations. Experiments carried out in our campus network show that DeepPort can detect 10 classes of low-speed scans with a precision of 97.4% and a recall of 96.9%.
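To make the abstract's point concrete, the added example below (my own code, not the paper's DeepPort) computes the three handcrafted features the abstract names over constructed connection records and shows why they cope with a fast scan but not a slow one: a rate-based rule flags the source that probes ten ports within a second, misses the source that probes the same ten ports once a minute, and only a distinct-port count kept over a long enough window still catches the slow scanner. The record layout, addresses and thresholds are assumptions for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample of TCP SYN attempts as (time_s, src_ip, dst_port).
# 10.0.0.5 probes 10 ports in one second (fast scan), 10.0.0.9 probes the
# same 10 ports one every 60 s (low-speed scan), 10.0.0.7 is a normal
# client alternating between ports 80 and 443.
EVENTS = (
    [(1.0 + i * 0.1, "10.0.0.5", 1 + i) for i in range(10)]
    + [(5.0 + i * 60.0, "10.0.0.9", 1 + i) for i in range(10)]
    + [(2.0 + i * 7.0, "10.0.0.7", 80 if i % 2 else 443) for i in range(10)]
)


def features(events):
    """Per-source handcrafted features: packet rate, distinct destination
    ports and the coefficient of variation of inter-arrival times."""
    by_src = defaultdict(list)
    for t, src, port in events:
        by_src[src].append((t, port))
    out = {}
    for src, recs in by_src.items():
        recs.sort()
        times = [t for t, _ in recs]
        span = max(times[-1] - times[0], 1e-9)  # avoid division by zero
        gaps = [b - a for a, b in zip(times, times[1:])]
        cv = pstdev(gaps) / mean(gaps) if len(gaps) > 1 and mean(gaps) > 0 else 0.0
        out[src] = {"rate": len(recs) / span, "ports": len({p for _, p in recs}), "iat_cv": cv}
    return out


def rate_rule(f, min_rate=1.0, min_ports=5):
    """Conventional detector: many distinct ports at a high packet rate."""
    return f["rate"] >= min_rate and f["ports"] >= min_ports


def port_count_rule(f, min_ports=5):
    """Rate-independent check: distinct ports over the whole observation window."""
    return f["ports"] >= min_ports


if __name__ == "__main__":
    for src, f in features(EVENTS).items():
        print(src, {k: round(v, 3) for k, v in f.items()},
              "rate_rule:", rate_rule(f), "port_count_rule:", port_count_rule(f))
```

The slow scanner's inter-arrival times are as regular as the fast scanner's, so `iat_cv` alone does not separate them from each other; it is the rate that collapses, which is exactly the gap a learned model is meant to fill.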



Acknowledgments

The work was supported in part by the National High-tech R&D Program of China (863 Program) (2015AA017201) and the National Key Research and Development Program of China (2016QY01W0200). The authors are very grateful to the anonymous reviewers of this paper.

Correspondence to Yulong Wang.

Copyright information

© 2018 Springer Nature Singapore Pte Ltd.

Cite this paper

Wang, Y., Zhang, J. (2018). DeepPort: Detect Low Speed Port Scan Using Convolutional Neural Network. In: Qiao, J., et al. Bio-inspired Computing: Theories and Applications. BIC-TA 2018. Communications in Computer and Information Science, vol 951. Springer, Singapore. https://doi.org/10.1007/978-981-13-2826-8_32

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-2825-1

  • Online ISBN: 978-981-13-2826-8

  • eBook Packages: Computer Science (R0)