Considerations for Scan Detection Using Flow Data
• Presentation
In this presentation, the author discusses internet traffic scan detection and describes Threshold Random Walk, an algorithm to identify malicious remote hosts.
Publisher
Software Engineering Institute
Abstract
Overview:
- Scans and scan detection - goals and objectives
- A review of Threshold Random Walk
- Real-time vs. flow-based approaches
- Bi-flows and Oracles
- Extensions
  - to ICMP and UDP
  - indeterminate reduction to improve benign detection
- Beyond detection - actionable intelligence
- Comparisons with rwscan
- Conclusions and future directions.
Part of a Collection
FloCon 2013 Collection
This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.