Detection of Slow Port Scanning Attacks

Abstract

Cyber Security can be thought of as a set of techniques used to protect the secrecy, integrity, and availability of computer data against threats. Scanning attack itself is not a technique; In fact, it is a two-step procedure in which scanning is the first step where the vulnerability of communication channels are discovered and then the attack is launched in the second step. Since a port is an attack surface as all the information goes into and out of a computer through this medium. Therefore in port scanning, available open ports are searched over the network to find out the vulnerable machine that can be exploited. Many slow port scan detection solutions were proposed in the literature; however, all of these approaches use methods to detect the slow port scan attacks over the static time period. The approach proposed in this paper can detect the slow port scanning attacks not just over the static time interval but also all the attacks that are made with a gradual increase or decrease in the time duration. Moreover, this new proposed approach is employed to detect attacks over live data also. Further packet-based analysis is performed to detect the different types of port scan attacks. The best of all the accuracy of different scans is implemented. The proposed approach also classifies the single and parallel port scans based on attempts made. Therefore the difference between the faster scans and the slower ones is achieved.