Scan Detection on Very Large Networks Using Logistic Regression Modeling

I
ISCC
2006
11th IEEE Symposium on Computers and Communications (ISCC'06)
Abstract - Scan Detection on Very Large Networks Using Logistic Regression Modeling

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Carrie Gates Articles by Joshua J. McNutt Articles by Joseph B. Kadane Articles by Marc I. Kellner

11th IEEE Symposium on Computers and Communications (ISCC'06)

Cagliari, Sardinia, Italy

June 26-June 29

ISBN: 0-7695-2588-1

	ASCII Text	x
	Carrie Gates, Joshua J. McNutt, Joseph B. Kadane, Marc I. Kellner, "Scan Detection on Very Large Networks Using Logistic Regression Modeling," Computers and Communications, IEEE Symposium on, pp. 402-408, 11th IEEE Symposium on Computers and Communications (ISCC'06), 2006.

	BibTex	x
	@article{ 10.1109/ISCC.2006.142, author = {Carrie Gates and Joshua J. McNutt and Joseph B. Kadane and Marc I. Kellner}, title = {Scan Detection on Very Large Networks Using Logistic Regression Modeling}, journal ={Computers and Communications, IEEE Symposium on}, volume = {0}, year = {2006}, issn = {1530-1346}, pages = {402-408}, doi = {http://doi.ieeecomputersociety.org/10.1109/ISCC.2006.142}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computers and Communications, IEEE Symposium on TI - Scan Detection on Very Large Networks Using Logistic Regression Modeling SN - 1530-1346 SP402 EP408 A1 - Carrie Gates, A1 - Joshua J. McNutt, A1 - Joseph B. Kadane, A1 - Marc I. Kellner, PY - 2006 KW - null VL - 0 JA - Computers and Communications, IEEE Symposium on ER -

Carrie Gates, Carnegie Mellon University, USA

Joshua J. McNutt, Carnegie Mellon University, USA

Joseph B. Kadane, Carnegie Mellon University, USA

Marc I. Kellner, Carnegie Mellon University, USA

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ISCC.2006.142

Scanning activity is a common activity on the Internet today, representing malicious activity such as information gathering by a motivated adversary or automated tools searching for vulnerable hosts (e.g., worms). Many scan detection techniques have been developed; however, their focus has been on smaller networks where packet-level information is available, or where internal characteristics of the network are known. For large networks, such as those of ISPs, large corporations or government organizations, this information might not be available. This paper presents a model of scans that can be used given only unidirectional flow data. The model uses a Bayesian logistic regression, which was developed using a combination of expert opinion and manually-classified training data. It is shown to have a detection rate of 95.5% with a false positive rate of 0.4% overall when tested against a set of 300 TCP events.

Citation:

Carrie Gates, Joshua J. McNutt, Joseph B. Kadane, Marc I. Kellner, "Scan Detection on Very Large Networks Using Logistic Regression Modeling," iscc, pp.402-408, 11th IEEE Symposium on Computers and Communications (ISCC'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.