
A Real Time Scan Detection System against Attacks based on Port Scanning Techniques  

송중석 (Department of Information and Communication Engineering, Korea Aerospace University)
권용진 (School of Electronics, Information & Communication, and Computer Engineering, Korea Aerospace University)
Abstract
Port scanning detection systems should satisfy a certain level of performance, such as low rates of false positives and false negatives, and should be convenient enough that users can manage system security through them. However, publicly available real-time scan detection systems have high false-detection rates and have difficulty detecting the various scanning techniques in use. In addition, because current real-time scan detection systems are driven from a command-line interface, their user interfaces are poor, which makes them hard to apply to day-to-day security management. Hence, we propose TkRTSD (Tcl/Tk Real Time Scan Detection System), which detects various scan attacks based on port scanning techniques by applying a new set of filter rules, and minimizes the false-positive rate by applying the proposed ABP-Rules, derived from attackers' behavioral patterns. A GUI for TkRTSD is also implemented in Tcl/Tk so that network security can be managed conveniently.
Keywords
Scan detection system; Scanning techniques; False Positive; False Negative; Port Scanning; Tcl/Tk
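As an added illustration (not the paper's TkRTSD code, which is written in Tcl/Tk and is not reproduced on this page), the following Python sketch shows the two ideas the abstract combines: filter rules that name the scanning technique from the TCP flag combination of an unsolicited inbound packet (the well-known SYN/FIN/NULL/XMAS/ACK taxonomy from nmap), and a behavioural rule that suppresses the alert when the source's observed behaviour looks like a legitimate client rather than a scanner. The ABP-Rules themselves are not given on this page, so the suppression rule used here (a SYN-only source whose targets mostly answered SYN/ACK is not reported) is an assumption of this example, as are the window and threshold values, the host addresses and the constructed sample capture.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# TCP flag bits as they appear in the header's flags byte
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


@dataclass(frozen=True)
class Packet:
    ts: float      # capture time in seconds
    src: str
    dst: str
    sport: int
    dport: int
    flags: int     # TCP flags of this packet


def classify_probe(flags: int):
    """Name the scan technique implied by the flag set of an unsolicited inbound
    packet (the nmap taxonomy: SYN, NULL, FIN, XMAS, ACK), or None otherwise."""
    return {SYN: "SYN", 0: "NULL", FIN: "FIN",
            FIN | PSH | URG: "XMAS", ACK: "ACK"}.get(flags)


class ScanDetector:
    """Per-source sliding-window scan detector with one behavioural suppression
    rule. The rule is an assumption standing in for the paper's ABP-Rules."""

    def __init__(self, monitored, window=10.0, threshold=5, max_open_ratio=0.5):
        self.monitored = set(monitored)
        self.window = window                # seconds of history kept per source
        self.threshold = threshold          # distinct (host, port) targets to alert
        self.max_open_ratio = max_open_ratio
        self.probes = defaultdict(deque)    # src -> deque of (ts, dst, dport, technique)
        self.open_hits = defaultdict(set)   # src -> {(host, port)} that replied SYN/ACK
        self.alerted = set()                # sources already reported (one alert each)

    def _expire(self, src, now):
        q = self.probes[src]
        while q and now - q[0][0] > self.window:
            q.popleft()

    def observe(self, pkt):
        """Feed one packet in capture order; return an alert string or None."""
        # Reply from a monitored host to a source we are tracking: a SYN/ACK
        # proves that the probed port was open.
        if pkt.src in self.monitored and pkt.dst in self.probes:
            if pkt.flags == SYN | ACK:
                self.open_hits[pkt.dst].add((pkt.src, pkt.sport))
            return None
        if pkt.dst not in self.monitored:
            return None
        technique = classify_probe(pkt.flags)
        if technique is None:
            return None
        self._expire(pkt.src, pkt.ts)
        self.probes[pkt.src].append((pkt.ts, pkt.dst, pkt.dport, technique))
        targets = {(d, p) for _, d, p, _ in self.probes[pkt.src]}
        if len(targets) < self.threshold or pkt.src in self.alerted:
            return None
        techniques = {t for _, _, _, t in self.probes[pkt.src]}
        open_ratio = len(self.open_hits[pkt.src] & targets) / len(targets)
        # Behavioural suppression (assumed rule): a legitimate client that opens
        # several connections hits ports that mostly answer SYN/ACK, whereas a
        # scanner mostly hits closed ones. Only plain SYN traffic gets this
        # benefit; FIN/NULL/XMAS/ACK packets never start a normal connection.
        if techniques == {"SYN"} and open_ratio > self.max_open_ratio:
            return None
        self.alerted.add(pkt.src)
        return (f"{pkt.src} {'/'.join(sorted(techniques))} scan: {len(targets)} "
                f"ports in {self.window:.0f}s, open_ratio={open_ratio:.2f}")


def detect(packets, monitored):
    """Run the detector over a capture (sorted by time) and collect the alerts."""
    det = ScanDetector(monitored)
    return [a for a in (det.observe(p) for p in sorted(packets, key=lambda p: p.ts)) if a]


def sample_traffic():
    """Constructed capture (not real data): one monitored host 192.168.1.10."""
    host, pkts = "192.168.1.10", []
    # (a) SYN scan from 10.0.0.9: only 22 and 80 are open, the rest answer RST/ACK
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 143]):
        pkts.append(Packet(i, "10.0.0.9", host, 40000 + i, port, SYN))
        reply = SYN | ACK if port in (22, 80) else RST | ACK
        pkts.append(Packet(i + 0.01, host, "10.0.0.9", port, 40000 + i, reply))
    # (b) legitimate client 10.0.0.5 opening five connections to open services
    for i, port in enumerate([22, 80, 443, 25, 143]):
        pkts.append(Packet(10 + i, "10.0.0.5", host, 50000 + i, port, SYN))
        pkts.append(Packet(10 + i + 0.01, host, "10.0.0.5", port, 50000 + i, SYN | ACK))
    # (c) XMAS scan from 10.0.0.7; every probed port is closed and answers RST
    for i, port in enumerate([1, 2, 3, 4, 5, 6]):
        pkts.append(Packet(20 + i, "10.0.0.7", host, 60000 + i, port, FIN | PSH | URG))
        pkts.append(Packet(20 + i + 0.01, host, "10.0.0.7", port, 60000 + i, RST | ACK))
    # (d) slow SYN probe from 10.0.0.3, one port every 20 s: never 5 in one window
    for i, port in enumerate([21, 22, 23, 25, 80]):
        pkts.append(Packet(30 + 20 * i, "10.0.0.3", host, 61000 + i, port, SYN))
    return pkts


if __name__ == "__main__":
    for alert in detect(sample_traffic(), {"192.168.1.10"}):
        print(alert)
```

Run against the constructed capture, the detector reports the SYN scanner and the XMAS scanner, stays quiet for the client that only opened working services, and never accumulates enough targets for the slow prober, which is the classic false negative of any fixed-window scheme: a long enough window or a per-source count that decays instead of expiring is what a production system would use, and a real deployment would feed packets from libpcap rather than from an in-memory list.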