To detect scan attacks effectively on high-speed links, this paper improves the commonly used scan detection algorithm TRW (Threshold Random Walk) by basing it on a honeypot, and analyzes the performance of the improved algorithm in detail. The analysis shows that the improved algorithm identifies scan sources faster and can perform real-time scan detection on high-speed links. In addition, on the basis of selective system sampling, this paper analyzes the anomaly detection accuracy of three scan detection algorithms: Snort, TRW, and TRWHP (Threshold Random Walk Based on Honeypot). The experimental results show that, at the same sampling ratio, the false positive rates of the TRWHP and TRW algorithms are almost the same, while the false negative rate of the TRWHP algorithm improves remarkably, giving it better detection performance.
Published in:
Network Infrastructure and Digital Content, 2010 2nd IEEE International Conference on
Date of Conference: 24-26 Sept. 2010