This decommissioned ERA site remains active temporarily to support our final migration steps to https://ualberta.scholaris.ca, ERA's new home. All new collections and items, including Spring 2025 theses, are at that site. For assistance, please contact erahelp@ualberta.ca.
- 246 views
- 282 downloads
Detecting network portscans through anomaly detection.
-
- Author(s) / Creator(s)
-
In this note, we consider the problem of detecting network portscans through the use of anomaly detection. First, we introduce some static tests for analyzing traffic rates. Then, we make use of two dynamic chi-square tests to detect anomalous packets. Further, we model network traffic as a marked point process and introduce a general portscan model. Simulation results for correct detects and false alarms are presented using this portscan model and the statistical tests.
-
- Date created
- 2004
-
- Subjects / Keywords
-
- Type of Item
- Conference/Workshop Presentation
-
- License
- Copyright 2004 Society of Photo Optical Instrumentation Engineers. One print or electronic copy may be made for personal use only. Systematic reproduction and distribution, duplication of any material in this paper for a fee or for commercial purposes, or modification of the content of the paper are prohibited.