Considerations for Scan Detection Using Flow Data
• Presentation
In this presentation, the author discusses internet traffic scan detection and describes Threshold Random Walk, an algorithm to identify malicious remote hosts.
Publisher
Software Engineering Institute
Abstract
Overview:
- Scans and scan detection - goals and objectives
- A review of Threshold Random Walk
- Real-time vs. flow-based approaches
- Bi-flows and Oracles
- Extensions
  - to ICMP and UDP
  - indeterminate reduction to improve benign detection
- Beyond detection - actionable intelligence
- Comparisons with rwscan
- Conclusions and future directions.
Part of a Collection
FloCon 2013 Collection
This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.