An Adaptive Log Based Realtime Network Scans in LAN

International Journal of Computer Trends and Technology (IJCTT)
© - November Issue 2013 by IJCTT Journal
Volume-5 Issue-5
Year of Publication: 2013
Authors: Puli Lakshmana Swami, Neela Surendrababu


Puli Lakshmana Swami, Neela Surendrababu, "An Adaptive Log Based Realtime Network Scans in LAN", International Journal of Computer Trends and Technology (IJCTT), V5(5):262-267, November Issue 2013. ISSN Published by Seventh Sense Research Group.

Abstract: Network scans are a common initial step in a network intrusion attempt. To gain details about a possible network intrusion, it can be beneficial to analyze these network scans. Scanning is a common activity on the Internet today, representing malicious activity such as information gathering by a motivated adversary or by an automated tool on the lookout for vulnerable hosts (e.g., worms). Many scan detection techniques have been developed; however, their focus has been on smaller networks where packet-level information is available, or where internal characteristics of the network have been observed. Existing approaches to scan detection rely on packet-level data between host pairs, and activities are identified by grouping sessions based on patterns in the kinds of session, the IP addresses, and the ports. For large networks, such as those of ISPs, large corporations or government organizations, such information might not be available. An existing model of scans can be used given only unidirectional flow data. A novel classification of scan detection methods is based on their network policy, since attackers usually take advantage of such policies to evade detection. The intention of the proposed program is to analyze sample network traces to discover and classify properties of port scans using a robust probabilistic technique. Finally, scan detection accuracy can possibly be analyzed by employing a logistic regression approach, which is used to model the post that informs a user if a scan is present. Experimental results will provide insight into Internet traffic by classifying known activities and give visibility into threats to the network through scan detection, correspondingly extending understanding of the activities occurring on the network.



Keywords: Attack, Scan, LAN.