Title Paskirstyto prievadų skenavimo atakų aptikimas tinklo srautuose /
Translation of Title Distributed port scan detection in network traffic.
Authors Kulbis, Andrius
Pages 42
Keywords [eng] NetFlow ; distributed ; port ; scanning
Abstract [eng] Computer and communications technology greatly facilitates communication and cooperation, but it also brings more and more new threats to both individual home users and corporate bodies or employees. This paper focuses on network port scanning types and techniques and on detection methods for this kind of network attack. The distributed port scanning attack, in which multiple sources scan multiple hosts in order to find security gaps or weak spots in the network, was selected for further investigation. A method for detecting this type of attack is proposed. It is based on the widely used single-source scan detection algorithm and uses NetFlow network flow records as its data source, in order to reduce the amount of information that must be analyzed and to cover events taking place throughout the entire network. The experiment showed that the proposed method uses device resources more efficiently for network traffic analysis and detects and identifies distributed network port scanning attacks more accurately than the Snort intrusion detection system.
Dissertation Institution Kauno technologijos universitetas.
Type Master thesis
Language Lithuanian
Publication date 2015