Detecting network portscans through anomaly detection.

  • Author(s) / Creator(s)
  • In this note, we consider the problem of detecting network portscans through the use of anomaly detection. First, we introduce some static tests for analyzing traffic rates. Then, we make use of two dynamic chi-square tests to detect anomalous packets. Further, we model network traffic as a marked point process and introduce a general portscan model. Simulation results for correct detects and false alarms are presented using this portscan model and the statistical tests.

  • Date created
  • Subjects / Keywords
  • Type of Item
    Conference/Workshop Presentation
  • DOI
  • License
    Copyright 2004 Society of Photo-Optical Instrumentation Engineers. One print or electronic copy may be made for personal use only. Systematic reproduction and distribution, duplication of any material in this paper for a fee or for commercial purposes, or modification of the content of the paper are prohibited.
  • Language
  • Citation for previous publication
    • J. Kim, S. Kim, M.A. Kouritzin, and W. Sun, "Detecting network portscans through anomaly detection", in Signal Processing, Sensor Fusion and Target Recognition XIII, the 2004 Proceedings of SPIE, 5429 (2004) 254-263. doi:10.1117/12.546127