Show simple item record

dc.contributor.authorMikians, Jakub
dc.contributor.authorBarlet Ros, Pere
dc.contributor.authorSanjuàs Cuxart, Josep
dc.contributor.authorSolé Pareta, Josep
dc.contributor.otherUniversitat Politècnica de Catalunya. Departament d'Arquitectura de Computadors
dc.date.accessioned2011-09-12T10:43:09Z
dc.date.available2011-09-12T10:43:09Z
dc.date.created2011
dc.date.issued2011
dc.identifier.citationMikians, J. [et al.]. A practical approach to portscan detection in very high-speed links. A: International Conference on Passive and Active Measurement. "12th International Conference on Passive and Active Measurement". Springer Verlag, 2011, p. 112-121.
dc.identifier.urihttp://hdl.handle.net/2117/13177
dc.description.abstractPort scans are continuously used by both worms and human attackers to probe for vulnerabilities in Internet facing systems. In this paper, we present a new method to efficiently detect TCP port scans in very high-speed links. The main idea behind our approach is to early discard those handshake packets that are not strictly needed to reliably detect port scans. We show that with just a couple of Bloom filters to track active servers and TCP handshakes we can easily discard about 85% of all handshake packets with negligible loss in accuracy. This significantly reduces both the memory requirements and CPU cost per packet. We evaluated our algorithm using packet traces and live traffic from 1 and 10 GigE academic networks. Our results show that our method requires less than 1 MB to accurately monitor a 10 Gb/s link, which perfectly fits in the cache memory of nowadays’ general-purpose processors.
dc.format.extent10 p.
dc.language.isoeng
dc.publisherSpringer Verlag
dc.rightsAttribution-NonCommercial-NoDerivs 3.0 Spain
dc.rights.urihttp://creativecommons.org/licenses/by-nc-nd/3.0/es/
dc.subjectÀrees temàtiques de la UPC::Enginyeria de la telecomunicació::Telemàtica i xarxes d'ordinadors::Xarxes de banda ampla
dc.subject.lcshPort scanner
dc.subject.lcshVery high-speed links
dc.subject.lcshTCP ports
dc.titleA practical approach to portscan detection in very high-speed links
dc.typeConference report
dc.subject.lemacEscàner de ports (Informàtica)
dc.contributor.groupUniversitat Politècnica de Catalunya. CBA - Sistemes de Comunicacions i Arquitectures de Banda Ampla
dc.identifier.doi10.1007/978-3-642-19260-9_12
dc.description.peerreviewedPeer Reviewed
dc.relation.publisherversionhttp://www.springerlink.com/content/m7x721553k62w312/
dc.rights.accessRestricted access - publisher's policy
drac.iddocument5740176
dc.description.versionPostprint (published version)
upcommons.citation.authorMikians, J.; Barlet, P.; Sanjuàs, J.; Solé-Pareta, J.
upcommons.citation.contributorInternational Conference on Passive and Active Measurement
upcommons.citation.publishedtrue
upcommons.citation.publicationName12th International Conference on Passive and Active Measurement
upcommons.citation.startingPage112
upcommons.citation.endingPage121


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record

Except where otherwise noted, content on this work is licensed under a Creative Commons license: Attribution-NonCommercial-NoDerivs 3.0 Spain