
Research for scan detection algorithm of high-speed links based on honeypot

4 Author(s)
Xinliang Wang (School of Information and Communication Engineering, Beijing University of Posts and Telecommunications, Beijing, China); Fang Liu; LuYing Chen; Zhenming Lei

To detect scan attacks on high-speed links effectively, this paper improves the commonly used scan detection algorithm TRW (Threshold Random Walk) by basing it on a honeypot, and analyzes its performance in detail. The analysis shows that the improved algorithm identifies the scan source faster and can perform real-time scan detection on high-speed links. On the basis of selective system sampling, the paper also analyzes the anomaly detection accuracy of three scan detection algorithms: Snort, TRW, and TRWHP (Threshold Random Walk Based on Honeypot). The experimental results show that, at the same sampling ratio, the false positive rates of the TRWHP and TRW algorithms are almost the same, while the false negative rate of the TRWHP algorithm is remarkably improved, giving better detection performance.

Published in:

2010 2nd IEEE International Conference on Network Infrastructure and Digital Content

Date of Conference:

24-26 Sept. 2010