Advanced search
Publication Cover
International Journal of Computer Mathematics Volume 89, 2012 - Issue 15
Submit an article Journal homepage
259
Views
5
CrossRef citations to date
0
Altmetric
Section A

Statistical cross-relation approach for detecting TCP and UDP random and sequential network scanning (SCANS)

Mohammed Anbar National Advanced IPv6 Centre of Excellence, Universiti Sains Malaysia , Penang, Malaysia
,
Ahmed Manasrah Faculty of Information Technology and Computer Sciences, Yarmouk University , Irbid, Jordan
&
Selvakumar Manickam National Advanced IPv6 Centre of Excellence, Universiti Sains Malaysia , Penang, Malaysia
Pages 1952-1969 | Received 16 Aug 2011, Accepted 21 May 2012, Published online: 19 Jun 2012
 
Sample our Computer Science journals, sign in here to start your access, latest two full volumes FREE to you for 14 days

Abstract

Network scanning is considered to be the first step taken by attackers trying to gain access to a targeted network. System and network administrators find it useful if they are able to identify the targets scanned by network attackers. Resources and services can be further protected by patching or installing security measures, such as a firewall, an intrusion detection system, or some alternative computer system. This paper presents a statistical ‘cross-relation’ approach for detecting network scanning and identifying its targets. Our approach is based on using TCP RST packets for detecting TCP sequential scanning and ICMP type 3 (port unreachable) packets for detecting UDP sequential scanning. TCP or UDP random scanning is confirmed when there is a ‘cross-relation’ between an ICMP type 3, code 1 (host unreachable) and the TCP RST counts per source IP address and between an ICMP type 3, code 3 (port unreachable) and an ICMP type 3, code 1 (host unreachable). We tested the proposed approach with the DARPA 1998 data set and confirmed that our method was more effective in detecting TCP and UDP scanning than the existing approaches, and it also provided better detection accuracy.

2000 AMS Subject Classification:

Log in via your institution

Access through your institution

Log in to Taylor & Francis Online

Restore content access

Restore content access for purchases made as guest
Purchase options * Save for later

PDF download + Online access

  • 48 hours access to article PDF & online version
  • Article PDF can be downloaded
  • Article PDF can be printed
USD 61.00 Add to cart

Issue Purchase

  • 30 days online access to complete issue
  • Article PDFs can be downloaded
  • Article PDFs can be printed
USD 1,129.00 Add to cart

* Local tax will be added as applicable

Related Research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.