Title: Coordinated scan detection algorithm based on the global characteristics of time sequence

Authors: Yanli Lv; Yuanlong Li; Shuang Xiang; Chunhe Xia

Addresses: Beijing Key Lab. of Network Technology, Beihang Uiniversity, XueYuan Road No. 37, HaiDian District, Beijing, 100191, China; Information Center of the Ministry of Science and Technology of China, 15B, Fuxing Road, HaiDian District, Beijing, 100862, China ' Beijing Key Lab. of Network Technology, Beihang Uiniversity, XueYuan Road No. 37, HaiDian District, Beijing, 100191, China; Information Center of the Ministry of Science and Technology of China, 15B, Fuxing Road, HaiDian District, Beijing, 100862, China ' Beijing Key Lab. of Network Technology, Beihang Uiniversity, XueYuan Road No. 37, HaiDian District, Beijing, 100191, China; Information Center of the Ministry of Science and Technology of China, 15B, Fuxing Road, HaiDian District, Beijing, 100862, China ' Beijing Key Lab. of Network Technology, Beihang Uiniversity, XueYuan Road No. 37, HaiDian District, Beijing, 100191, China; Information Center of the Ministry of Science and Technology of China, 15B, Fuxing Road, HaiDian District, Beijing, 100862, China

Abstract: Scanning is a kind of activities or action for the purpose of acquiring the target host status information. In order to obtain the information more efficiently and more secretly, the attackers in the network often use coordinated scans to scan the target host or network. At present, there are no effective methods to detect the coordinated scan. We take scan sequences as time series and combine the general characteristics of time series. Then based on the features of time series clustering approach, we are going to find the coordinated scans governed by the same controller. Simulation and experiment results show that the methods we propose are better than the existing methods in accuracy and efficiency.

Keywords: scan; scan test; coordinated test; global characteristics; clustering analysis; computational science engineering.

DOI: 10.1504/IJCSE.2018.089576

International Journal of Computational Science and Engineering, 2018 Vol.16 No.1, pp.42 - 52

Received: 27 Oct 2014
Accepted: 07 Feb 2015

Published online: 31 Jan 2018 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article