Real Time Port Scan Detection for Internet Backbone

Malware of many different varieties continues to spread through today's Internet at an alarming rate and volume. Port scanning, along with email and web page phishing, is one of the major channels of such propagation. This perpetual and unwanted scanning traffic is often aimed at discovering and infecting vulnerable hosts with viruses, leading eventually to botnets and criminal activities. Understanding, detecting and eliminating such traffic is a vital part of enhancing Internet security.

Here we are proposing a Real Time Port Scan Detection for the Internet backbone.

Why Backbone?

Aggregate traffic leads to better statistics.
Backbone ISPs can offer it as a value-added service to increase customer satisfaction.
Earlier scan blocking becomes possible, which safeguards network performance.

Challenges:

Backbone traffic is unidirectional (only one direction of a connection may be seen).
High-speed links (OC-48, OC-192) carry a very large volume of traffic, so detection needs to be fast.
Intrusion detection is an overhead; it needs to be lightweight.
The core of our system is the online implementation of a time-based access pattern sequential hypothesis testing algorithm (TAPS). The intuition behind this algorithm is that a scanning host's access pattern shows a high value for the ratio (number of distinct destination IPs) / (number of distinct destination ports) within a given period of time. We call this period a time bin. The ratio observed in each bin is then used as evidence in a test of the hypothesis of whether a host is BENIGN or a SCANNER, accumulated across multiple time bins.
TAPS depends solely on counting the destination IPs and ports of a source, without relying on connection state information. Therefore, it can be used for detecting both TCP and UDP scans.
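The following is an added illustration of the TAPS idea described above, not the project's own Java code. It bins flow records per source, turns each bin's IP/port ratio into a hit or miss, and feeds the hits into a sequential probability ratio test (SPRT); the bin length, the ratio threshold K, the hit probabilities THETA0/THETA1 and the error targets ALPHA/BETA are assumed values the post does not give, and the traffic is constructed.

```python
import math
from collections import defaultdict

BIN_SECONDS = 60           # assumed bin length; the post gives none of these values
RATIO_K = 3.0              # bin is a "hit" when distinct dst IPs / distinct dst ports > K
THETA0, THETA1 = 0.2, 0.8  # assumed P(hit | BENIGN), P(hit | SCANNER)
ALPHA, BETA = 0.01, 0.01   # assumed tolerated false-positive and miss rates
UPPER = math.log((1 - BETA) / ALPHA)  # cumulative LLR above this => SCANNER
LOWER = math.log(BETA / (1 - ALPHA))  # cumulative LLR below this => BENIGN

def bin_access_patterns(flows, bin_seconds=BIN_SECONDS):
    """Distinct dst IPs and ports per (src, bin) from (t, src, dst, dport) records (TCP or UDP)."""
    pattern = defaultdict(lambda: (set(), set()))
    for t, src, dst, dport in flows:
        ips, ports = pattern[(src, int(t // bin_seconds))]
        ips.add(dst)
        ports.add(dport)
    return pattern

def taps_classify(flows, k=RATIO_K):
    """Feed each source's per-bin ratio test into an SPRT; return {src: verdict}."""
    pattern = bin_access_patterns(flows)
    llr = defaultdict(float)  # running log-likelihood ratio per source
    verdict = {}
    for src, b in sorted(pattern, key=lambda key: (key[1], key[0])):  # bins in time order
        if src in verdict:    # decision already reached in an earlier bin
            continue
        ips, ports = pattern[(src, b)]
        hit = len(ips) / len(ports) > k
        llr[src] += math.log(THETA1 / THETA0 if hit else (1 - THETA1) / (1 - THETA0))
        if llr[src] >= UPPER:
            verdict[src] = "SCANNER"
        elif llr[src] <= LOWER:
            verdict[src] = "BENIGN"
    return {src: verdict.get(src, "PENDING") for src, _ in pattern}  # PENDING: too few bins

def constructed_flows():
    # Constructed sample: a horizontal scanner, a normal client, and an undecided source.
    flows = []
    for b in range(4):
        t = b * BIN_SECONDS + 1
        for i in range(5):  # 5 dst IPs on one port per bin: ratio 5 > K, a hit
            flows.append((t, "10.0.0.1", f"203.0.113.{b * 5 + i}", 22))
        for dst in ("198.51.100.1", "198.51.100.2"):  # 2 IPs, 4 ports: ratio 0.5, a miss
            for port in (25, 53, 80, 443):
                flows.append((t, "10.0.0.2", dst, port))
    for b in range(2):  # only two scan-like bins: the SPRT has not concluded yet
        for i in range(4):
            flows.append((b * BIN_SECONDS + 1, "10.0.0.3", f"192.0.2.{i}", 80))
    return flows
```

With these parameters four consecutive hits (or misses) are needed before a verdict, which is what keeps a single busy bin from flagging a host.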

Comparison of Snort and TAPS

                   SNORT                    TAPS
Access pattern     No. of IPs visited       IP/port ratio
Connection state   Connectionless           Connectionless
Decision rule      Absolute thresholding    Sequential hypothesis testing


Hardware Requirements

High-speed disk space: 60 GB
Memory: >= 2 GB
Network interface cards (NICs): 2 (one for administrative purposes)

Software Requirements

Java 1.6
Any operating system