AOCD: An Adaptive Outlier Based Coordinated Scan Detection Approach

Abstract

Coordinated attacks are distributed in nature because they attempt to compromise a target machine from multiple sources. It is important for network defenders and administrators to detect these scans as possible preliminaries to more serious attacks. However, it is very difficult to detect malicious scans based on port-specific behavior alone. In this paper, we present an Adaptive Outlier based approach for Coordinated scan Detection (AOCD) that detects such scans at an early stage with high accuracy. It is an outlier-score-based adaptive network anomaly detection approach that is trained on sets of normal instances only. We use both normal and port scan instances for testing purposes. We achieve higher detection accuracy and a lower false positive rate on real-life and KDDcup99 probe datasets in comparison with existing techniques.
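The abstract describes the general shape of the method: build a profile from normal instances only, assign each new instance an outlier score relative to that profile, and derive the alert threshold adaptively from the training data. The following Python is an added illustration of that detection pattern written for this page; it is not the paper's AOCD algorithm, and its feature set (distinct sources, distinct destination ports, SYN-only fraction and flow count per time window and destination), its z-score distance, and its mean-plus-k-sigma threshold are assumptions chosen for the example. The flow records are constructed, not captured traffic.

```python
"""Illustrative outlier-score scan detector (added example, not the paper's AOCD)."""
from collections import defaultdict
from dataclasses import dataclass
import math


@dataclass(frozen=True)
class Flow:
    window: int      # time bucket the flow falls in
    src: str         # source address
    dst: str         # destination address
    dport: int       # destination port
    syn_only: bool   # SYN seen, handshake never completed


# --- constructed sample traffic (not real captures) -----------------------
def normal_window(w):
    """Ordinary web traffic to one server: few clients, ports 80/443, handshakes complete."""
    n_flows = 16 + (w % 5)            # vary volume a little between windows
    n_srcs = 3 + (w % 3)              # and the number of distinct clients
    return [Flow(w, f"10.0.0.{(i % n_srcs) + 1}", "10.0.1.10",
                 443 if i % 2 else 80, False) for i in range(n_flows)]


def coordinated_scan_window(w):
    """Many sources each touching a few distinct ports on the same target, SYN only."""
    return [Flow(w, f"198.51.100.{s + 1}", "10.0.1.10", 1000 + 5 * s + p, True)
            for s in range(12) for p in range(5)]


# --- feature extraction ---------------------------------------------------
def features(flows):
    """One vector per (window, destination): distinct sources, distinct ports,
    fraction of SYN-only flows, total flows (assumed feature set)."""
    groups = defaultdict(list)
    for f in flows:
        groups[(f.window, f.dst)].append(f)
    vecs = {}
    for key, fl in groups.items():
        srcs = {f.src for f in fl}
        ports = {f.dport for f in fl}
        syn_frac = sum(f.syn_only for f in fl) / len(fl)
        vecs[key] = (len(srcs), len(ports), syn_frac, len(fl))
    return vecs


# --- outlier scorer trained on normal instances only ----------------------
class OutlierScorer:
    def __init__(self, k=3.0, sigma_floor=1e-3):
        self.k = k                      # threshold = mean + k*std of training scores
        self.sigma_floor = sigma_floor  # guards constant features (zero variance in training)

    def fit(self, normal_vecs):
        n, d = len(normal_vecs), len(normal_vecs[0])
        self.mu = [sum(v[i] for v in normal_vecs) / n for i in range(d)]
        self.sigma = [max(math.sqrt(sum((v[i] - self.mu[i]) ** 2 for v in normal_vecs) / n),
                          self.sigma_floor) for i in range(d)]
        scores = [self.score(v) for v in normal_vecs]
        m = sum(scores) / n
        s = math.sqrt(sum((x - m) ** 2 for x in scores) / n)
        self.threshold = m + self.k * s   # adaptive: derived from the normal profile itself
        return self

    def score(self, vec):
        """Euclidean distance in z-score space from the normal profile."""
        return math.sqrt(sum(((x - m) / s) ** 2
                             for x, m, s in zip(vec, self.mu, self.sigma)))

    def classify(self, vecs):
        """Map each (window, dst) key to (outlier score, flagged?)."""
        return {key: (self.score(v), self.score(v) > self.threshold)
                for key, v in vecs.items()}


def run_demo():
    """Train on ten normal windows, then score one normal and one scan window."""
    train = [f for w in range(10) for f in normal_window(w)]
    scorer = OutlierScorer().fit(list(features(train).values()))
    test = normal_window(10) + coordinated_scan_window(11)
    return scorer, scorer.classify(features(test))


if __name__ == "__main__":
    scorer, results = run_demo()
    print(f"threshold = {scorer.threshold:.3f}")
    for (w, dst), (score, flagged) in sorted(results.items()):
        print(f"window {w:2d} dst {dst}: score {score:10.3f} {'SCAN' if flagged else 'normal'}")
```

Two properties of the pattern are visible in the demo. The threshold is never hand-tuned: it comes from the spread of scores the normal windows themselves produce, so a site with noisier baseline traffic automatically gets a wider tolerance. The `sigma_floor` guard matters because a feature that is constant in training (here the SYN-only fraction) has zero variance, and without the floor a single deviating flow would divide by zero; with it, such a feature still dominates the score, which is exactly why training data should cover the normal variation of every feature used.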

Cite this paper

@article{Bhuyan2012AOCDAA,
  title   = {AOCD: An Adaptive Outlier Based Coordinated Scan Detection Approach},
  author  = {Monowar H. Bhuyan and Dhruba Kumar Bhattacharyya and Jugal K. Kalita},
  journal = {I. J. Network Security},
  year    = {2012},
  volume  = {14},
  pages   = {339-351}
}