Title: Coordinated scan detection algorithm based on the global characteristics of time sequence
Authors: Yanli Lv; Yuanlong Li; Shuang Xiang; Chunhe Xia
Addresses: Beijing Key Lab. of Network Technology, Beihang Uiniversity, XueYuan Road No. 37, HaiDian District, Beijing, 100191, China; Information Center of the Ministry of Science and Technology of China, 15B, Fuxing Road, HaiDian District, Beijing, 100862, China ' Beijing Key Lab. of Network Technology, Beihang Uiniversity, XueYuan Road No. 37, HaiDian District, Beijing, 100191, China; Information Center of the Ministry of Science and Technology of China, 15B, Fuxing Road, HaiDian District, Beijing, 100862, China ' Beijing Key Lab. of Network Technology, Beihang Uiniversity, XueYuan Road No. 37, HaiDian District, Beijing, 100191, China; Information Center of the Ministry of Science and Technology of China, 15B, Fuxing Road, HaiDian District, Beijing, 100862, China ' Beijing Key Lab. of Network Technology, Beihang Uiniversity, XueYuan Road No. 37, HaiDian District, Beijing, 100191, China; Information Center of the Ministry of Science and Technology of China, 15B, Fuxing Road, HaiDian District, Beijing, 100862, China
Abstract: Scanning is a kind of activities or action for the purpose of acquiring the target host status information. In order to obtain the information more efficiently and more secretly, the attackers in the network often use coordinated scans to scan the target host or network. At present, there are no effective methods to detect the coordinated scan. We take scan sequences as time series and combine the general characteristics of time series. Then based on the features of time series clustering approach, we are going to find the coordinated scans governed by the same controller. Simulation and experiment results show that the methods we propose are better than the existing methods in accuracy and efficiency.
Keywords: scan; scan test; coordinated test; global characteristics; clustering analysis; computational science engineering.
DOI: 10.1504/IJCSE.2018.089576
International Journal of Computational Science and Engineering, 2018 Vol.16 No.1, pp.42 - 52
Received: 27 Oct 2014
Accepted: 07 Feb 2015
Published online: 31 Jan 2018 *