An Experimental Evaluation to Determine if Port Scans are Precursors to an Attack

Yokohama, Japan June 28-July 01

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/DSN.2005.18

2005 International Conference on Depe ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Susmit Panjwani Articles by Stephanie Tan Articles by Keith M. Jarrin Articles by Michel Cukier

	ASCII Text	x
	Susmit Panjwani, Stephanie Tan, Keith M. Jarrin, Michel Cukier, "An Experimental Evaluation to Determine if Port Scans are Precursors to an Attack," Dependable Systems and Networks, International Conference on, pp. 602-611, 2005 International Conference on Dependable Systems and Networks (DSN'05), 2005.

	BibTex	x
	@article{ 10.1109/DSN.2005.18, author = {Susmit Panjwani and Stephanie Tan and Keith M. Jarrin and Michel Cukier}, title = {An Experimental Evaluation to Determine if Port Scans are Precursors to an Attack}, journal ={Dependable Systems and Networks, International Conference on}, volume = {0}, year = {2005}, isbn = {0-7695-2282-3}, pages = {602-611}, doi = {http://doi.ieeecomputersociety.org/10.1109/DSN.2005.18}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Dependable Systems and Networks, International Conference on TI - An Experimental Evaluation to Determine if Port Scans are Precursors to an Attack SN - 0-7695-2282-3 SP602 EP611 A1 - Susmit Panjwani, A1 - Stephanie Tan, A1 - Keith M. Jarrin, A1 - Michel Cukier, PY - 2005 KW - null VL - 0 JA - Dependable Systems and Networks, International Conference on ER -

Susmit Panjwani, University of Maryland at College Park

Stephanie Tan, University of Maryland at College Park

Keith M. Jarrin, University of Maryland at College Park

Michel Cukier, University of Maryland at College Park

This paper describes an experimental approach to determine the correlation between port scans and attacks. Discussions in the security community often state that port scans should be considered as precursors to an attack. However, very few studies have been conducted to quantify the validity of this hypothesis. In this paper, attack data were collected using a test-bed dedicated to monitoring attackers. The data collected consist of port scans, ICMP scans, vulnerability scans, successful attacks and management traffic. Two experiments were performed to validate the hypothesis of linking port scans and vulnerability scans to the number of packets observed per connection. Customized scripts were then developed to filter the collected data and group them on the basis of scans and attacks between a source and destination IP address pair. The correlation of the filtered data groups was assessed. The analyzed data consists of forty-eight days of data collection for two target computers on a heavily utilized subnet.

Citation:

Susmit Panjwani, Stephanie Tan, Keith M. Jarrin, Michel Cukier, "An Experimental Evaluation to Determine if Port Scans are Precursors to an Attack," dsn, pp.602-611, 2005 International Conference on Dependable Systems and Networks (DSN'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.