Ir al contenido (pulsa Retorno)

Universitat Politècnica de Catalunya

    • Català
    • Castellano
    • English
    • LoginRegisterLog in (no UPC users)
  • mailContact Us
  • world English 
    • Català
    • Castellano
    • English
  • userLogin   
      LoginRegisterLog in (no UPC users)

UPCommons. Global access to UPC knowledge

58.950 UPC E-Prints
You are here:
View Item 
  •   DSpace Home
  • E-prints
  • Grups de recerca
  • CBA - Sistemes de Comunicacions i Arquitectures de Banda Ampla
  • Ponències/Comunicacions de congressos
  • View Item
  •   DSpace Home
  • E-prints
  • Grups de recerca
  • CBA - Sistemes de Comunicacions i Arquitectures de Banda Ampla
  • Ponències/Comunicacions de congressos
  • View Item
JavaScript is disabled for your browser. Some features of this site may not work without it.

A practical approach to portscan detection in very high-speed links

Thumbnail
View/Open
A practical approach to portscan detection ....pdf (258,8Kb) (Restricted access)   Request copy 

Què és aquest botó?

Aquest botó permet demanar una còpia d'un document restringit a l'autor. Es mostra quan:

  • Disposem del correu electrònic de l'autor
  • El document té una mida inferior a 20 Mb
  • Es tracta d'un document d'accés restringit per decisió de l'autor o d'un document d'accés restringit per política de l'editorial
Share:
 
 
10.1007/978-3-642-19260-9_12
 
  View Usage Statistics
Cita com:
hdl:2117/13177

Show full item record
Mikians, Jakub
Barlet Ros, PereMés informacióMés informacióMés informació
Sanjuàs Cuxart, Josep
Solé Pareta, JosepMés informacióMés informacióMés informació
Document typeConference report
Defense date2011
PublisherSpringer Verlag
Rights accessRestricted access - publisher's policy
Attribution-NonCommercial-NoDerivs 3.0 Spain
Except where otherwise noted, content on this work is licensed under a Creative Commons license : Attribution-NonCommercial-NoDerivs 3.0 Spain
Abstract
Port scans are continuously used by both worms and human attackers to probe for vulnerabilities in Internet facing systems. In this paper, we present a new method to efficiently detect TCP port scans in very high-speed links. The main idea behind our approach is to early discard those handshake packets that are not strictly needed to reliably detect port scans. We show that with just a couple of Bloom filters to track active servers and TCP handshakes we can easily discard about 85% of all handshake packets with negligible loss in accuracy. This significantly reduces both the memory requirements and CPU cost per packet. We evaluated our algorithm using packet traces and live traffic from 1 and 10 GigE academic networks. Our results show that our method requires less than 1 MB to accurately monitor a 10 Gb/s link, which perfectly fits in the cache memory of nowadays’ general-purpose processors.
CitationMikians, J. [et al.]. A practical approach to portscan detection in very high-speed links. A: International Conference on Passive and Active Measurement. "12th International Conference on Passive and Active Measurement". Springer Verlag, 2011, p. 112-121. 
URIhttp://hdl.handle.net/2117/13177
DOI10.1007/978-3-642-19260-9_12
Publisher versionhttp://www.springerlink.com/content/m7x721553k62w312/
Collections
  • CBA - Sistemes de Comunicacions i Arquitectures de Banda Ampla - Ponències/Comunicacions de congressos [237]
  • Departament d'Arquitectura de Computadors - Ponències/Comunicacions de congressos [1.828]
Share:
 
  View Usage Statistics

Show full item record

FilesDescriptionSizeFormatView
A practical approach to portscan detection ....pdfBlocked258,8KbPDFRestricted access

Browse

This CollectionBy Issue DateAuthorsOther contributionsTitlesSubjectsThis repositoryCommunities & CollectionsBy Issue DateAuthorsOther contributionsTitlesSubjects

© UPC Obrir en finestra nova . Servei de Biblioteques, Publicacions i Arxius

info.biblioteques@upc.edu

  • About This Repository
  • Contact Us
  • Send Feedback
  • Inici de la pàgina