icon-carat-right menu search cmu-wordmark

Considerations for Scan Detection Using Flow Data

Presentation
In this presentation, the author discusses internet traffic scan detection and describes Threshold Random Walk, an algorithm to identify malicious remote hosts.
Publisher

Software Engineering Institute

Abstract

Overview:

  • Scans and scan detection - goals and objectives
  • A review of Threshold Random Walk
  • Real-time vs. flow-based approaches
  • Bi-flows and Oracles
  • Extensions
    • to IMCP and UDP
    • indeterminate reduction to improve benign detection
  • Beyond detection - actionable intelligence
  • Comparisons with rwscan
  • Conclusions and future directions.
Part of a Collection

FloCon 2013 Collection

This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.