Security and Privacy in Communication Networks. 11th International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Revised Selected Papers

Research Article

An Improved Method for Anomaly-Based Network Scan Detection

  • @INPROCEEDINGS{10.1007/978-3-319-28865-9_21,
        author={Ashton Webster and Margaret Gratian and Ryan Eckenrod and Daven Patel and Michel Cukier},
        title={An Improved Method for Anomaly-Based Network Scan Detection},
        proceedings={Security and Privacy in Communication Networks. 11th International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Revised Selected Papers},
        proceedings_a={SECURECOMM},
        year={2016},
        month={2},
        keywords={Machine learning, Network intrusion detection, Anomaly-based detection, Network security, Scanning},
        doi={10.1007/978-3-319-28865-9_21}
    }
    
  • Ashton Webster
    Margaret Gratian
    Ryan Eckenrod
    Daven Patel
    Michel Cukier
    Year: 2016
    An Improved Method for Anomaly-Based Network Scan Detection
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-28865-9_21
Ashton Webster1,*, Margaret Gratian1,*, Ryan Eckenrod1,*, Daven Patel1,*, Michel Cukier1,*
  • 1: University of Maryland
*Contact email: awebste2@umd.edu, mgratian@umd.edu, eckenrod@umd.edu, dpate119@umd.edu, mcukier@umd.edu

Abstract

Network scans, a form of network attacker reconnaissance, often preface dangerous attacks. While many anomaly-based network scan detection methods are available, they are rarely implemented in real networks due to high false positive rates and a lack of justification for the chosen attribute sets and machine learning algorithms. In this paper, we propose a new method of scan detection by selecting and testing combinations of attribute sets, machine learning algorithms, and lower bounded data to find a Local Optimal Model.