Abstract—Cyber-attacks against governments and enterprises have recently intensified and have already taken on the character of "cyber-warfare." Because attack techniques have become more sophisticated, it is very difficult to defend against them perfectly. We began this research because super-slow port scans were extracted from the log data of IDSs placed in our managed networks for 4 months. To extract similar scans from large volumes of log data, a systematic detection method is required. In this paper, we propose a method for detecting scarcely collided super-slow port scans. The method uses only the χ²-value of the number of accesses per port and does not rely on the time rate of traffic counts. We report that several kinds of scarcely collided super-slow port scans can be detected in the IDSs' log data.
Index Terms—super-slow port scannings, detection method, χ²-value
Cite: Kazuyoshi Furukawa, Satoru Shimizu, Masahiko Takenaka, and Satoru Torii, "On Detection for Scarcely Collided Super-Slow Port Scannings in IDSs' Log-Data," Journal of Communications, vol. 8, no. 11, pp. 788-794, 2013. doi: 10.12720/jcm.8.11.788-794
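The following sketch is an added illustration of the idea in the abstract, not the paper's algorithm: it scores each source by a χ² statistic over its per-port access counts and never looks at timestamps. It assumes that "scarcely collided" means a source rarely hits the same port twice, that the expected count is uniform over the ports the source touched, and that the log reduces to (source, destination port) pairs; the function names, thresholds and sample records are all constructed for this example.

```python
from collections import Counter, defaultdict

def chi2_by_source(events):
    """events: iterable of (src_ip, dst_port). Timestamps are deliberately unused."""
    per_src = defaultdict(Counter)
    for src, port in events:
        per_src[src][port] += 1
    stats = {}
    for src, counts in per_src.items():
        k = len(counts)                      # distinct ports touched
        total = sum(counts.values())         # total accesses
        expected = total / k                 # assumed uniform expectation
        chi2 = sum((o - expected) ** 2 / expected for o in counts.values())
        stats[src] = (k, total, chi2)
    return stats

def flag_scanners(events, min_ports=50, max_chi2_per_dof=0.5):
    """Flag sources that touch many ports almost evenly (assumed thresholds)."""
    flagged = []
    for src, (k, _total, chi2) in chi2_by_source(events).items():
        # Many distinct ports and a near-zero chi2 per degree of freedom:
        # almost every port was hit the same (small) number of times.
        if k >= min_ports and chi2 / (k - 1) <= max_chi2_per_dof:
            flagged.append(src)
    return sorted(flagged)

def build_sample():
    """Constructed records; arrival order and spacing do not matter here."""
    events = []
    # Slow scanner: ports 1..200 once each, three ports hit a second time.
    events += [("198.51.100.7", p) for p in range(1, 201)]
    events += [("198.51.100.7", p) for p in (22, 80, 135)]
    # Ordinary client: traffic concentrated on a few service ports.
    events += [("192.0.2.10", 443)] * 500
    events += [("192.0.2.10", 80)] * 40 + [("192.0.2.10", 53)] * 10
    # Busy host: many ports, but one port dominates (highly uneven).
    events += [("203.0.113.5", 443)] * 300
    events += [("203.0.113.5", p) for p in range(1000, 1059)]
    return events

if __name__ == "__main__":
    sample = build_sample()
    for src, (k, total, chi2) in sorted(chi2_by_source(sample).items()):
        print(f"{src:15s} ports={k:4d} accesses={total:4d} chi2={chi2:10.2f}")
    print("flagged:", flag_scanners(sample))
```

Because the score depends only on the per-port counts, the scanner is flagged whether its 203 probes arrive in a minute or are spread over months.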