Abstract
There is a certain level of requirements for system performance that intrusion detection systems on the Internet need. One of them is to lower the rate of and Negative. Another one is to have a convenient user interface so that users can manage system security easily with the detection systems. However, scan detection systems on public domain show a high rate of false detection and have difficulty in detecting various scanning techniques. In addition, since current scan detection systems are based on the command interface, the systems have been poor at user interface and therefore it is difficult to apply them to system security management. Hence, we first propose a set of new filter rules, which detect various scan attacks based on port scanning techniques. Secondly, a set of ABP-Rules derived from attacker's behavioral patterns is proposed in order to minimize the False Positive rate. With these methods, we implement a new real-time scan detection system, overcoming the limitations of current real-time scan detection systems. Also the implemented system contains a GUI interface for user's convenience of managing the network security, which was developed with Tcl/Tk.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
