Journal: International Journal of Computer Trends and Technology

An Adaptive Log Based Realtime Network Scans in LAN


Abstract

Network scans are a common initial step in a network intrusion attempt. As a way to gain details about a possible network intrusion, it can be beneficial to analyze these network scans. Scanning activity is a common activity over the internet today, representing malicious activity such as information gathering by a motivated adversary or an automated tool on the lookout for vulnerable hosts (e.g., worms). Many scan detection techniques have been developed; however, their focus has been on smaller networks where packet-level information is available, or where internal characteristics of the network have been observed. Existing approaches use scan detection techniques to identify packet-level data between host pairs, and activities are identified by grouping sessions based on patterns in the kinds of session, the IP addresses, and the ports. For serious networks, which can include those of ISPs, large corporations or government organizations, people's information might not be available. The existing model offers a model of scans which can be used given only unidirectional flow data. Novel classification of scan detection methods based upon their network policy, since attackers usually take advantage of such policies to evade detection. The intention of the proposed program is to analyze sample network traces to discover and classify properties of port scans using a robust probabilistic technique. Finally, scan detection accuracy can be analyzed by employing a logistic regression approach that is used to model the post that informs a user if a scan is present. Experimental results will provide insight into Internet traffic by classifying known activities, giving visibility to threats to the network through scan detection, and correspondingly extending understanding of the activities occurring on the network.