Abstract
Defending a cyber asset from a targeted attack based on port scanning is a challenging task because attackers exploit protocol behavior essential for productive use of applications. For instance, TCP or UDP ports opened for applications such as file transfer or video can be exploited to launch denial of service attacks. There is a need for proactive methods that can detect port scanning based attacks at their initial stage so that countermeasures can be initiated before the attack impact is disruptive on a cyber asset. This paper presents methods to counteract the initial stages of network attacks involving TCP and UDP port scanning. Our methods analyze outgoing traffic to identify ICMP 3.3 and TCP RST response packets that indicate the beginning of an attack launch. We specifically describe two countermeasures based on software-defined networking controller (at the network level) and Linux utility (at the host level) modules we developed. To validate the effectiveness of our proactive detection based methodology, we set up a testbed with a scheme of a polygon and conducted experiments related to distortion of the port status of attacks. Our results demonstrate that our approach is effective and the accuracy of determining open TCP ports did not exceed 15%, and it did not reach 2% for the remaining ports (closed TCP, UDP of any type).
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
