JP4743901B2 - Method, system and computer program for detecting unauthorised scanning on a network - Google Patents

Method, system and computer program for detecting unauthorised scanning on a network

Info

Publication number
JP4743901B2
JP4743901B2 JP2007521949A JP2007521949A JP4743901B2 JP 4743901 B2 JP4743901 B2 JP 4743901B2 JP 2007521949 A JP2007521949 A JP 2007521949A JP 2007521949 A JP2007521949 A JP 2007521949A JP 4743901 B2 JP4743901 B2 JP 4743901B2
Authority
JP
Japan
Prior art keywords
packet
leaf
packets
slot
block
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
JP2007521949A
Other languages
English (en)
Japanese (ja)
Other versions
JP2008507222A5
JP2008507222A (ja)
Inventor
ブーランジェ、アラン、デイヴィッド
ダンフォード、ロバート、ウィリアム
ヒンバーガー、ケヴィン、デイヴィッド
ジェフリーズ、クラーク、デブス
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US10/896,733 (US7957372B2)
Priority claimed from US10/896,680 (US7669240B2)
Application filed by International Business Machines Corp
Publication of JP2008507222A
Publication of JP2008507222A5
Application granted
Publication of JP4743901B2
Anticipated expiration
Expired - Fee Related

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
JP2007521949A 2004-07-22 2005-07-20 Method, system and computer program for detecting unauthorised scanning on a network Expired - Fee Related JP4743901B2 (ja)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US10/896,733 US7957372B2 (en) 2004-07-22 2004-07-22 Automatically detecting distributed port scans in computer networks
US10/896,680 2004-07-22
US10/896,680 US7669240B2 (en) 2004-07-22 2004-07-22 Apparatus, method and program to detect and control deleterious code (virus) in computer network
US10/896,733 2004-07-22
PCT/EP2005/053518 WO2006008307A1 (en) 2004-07-22 2005-07-20 Method, system and computer program for detecting unauthorised scanning on a network

Publications (3)

Publication Number Publication Date
JP2008507222A JP2008507222A (ja) 2008-03-06
JP2008507222A5 JP2008507222A5 2008-07-24
JP4743901B2 JP4743901B2 (ja) 2011-08-10

Family

ID=35058515

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2007521949A Expired - Fee Related JP4743901B2 (ja) 2004-07-22 2005-07-20 Method, system and computer program for detecting unauthorised scanning on a network

Country Status (3)

Country Link
JP (1) JP4743901B2
TW (1) TWI364190B
WO (1) WO2006008307A1

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101499666B1 (ko) * 2013-08-08 2015-03-06 주식회사 시큐아이 Network scan detection method and apparatus

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009171431A (ja) * 2008-01-18 2009-07-30 Oki Electric Ind Co Ltd Traffic analysis device, traffic analysis method and traffic analysis system
TWI387259B (zh) * 2008-08-01 2013-02-21 Kathy T Lin System, method, monitoring program product and computer-readable recording medium for monitoring the security of website application usage scenarios
US8842590B2 (en) * 2009-07-21 2014-09-23 Htc Corporation Mobile device and data connection method thereof
CN102591965B (zh) * 2011-12-30 2014-07-09 奇智软件(北京)有限公司 Method and device for detecting black links
US9392003B2 (en) 2012-08-23 2016-07-12 Raytheon Foreground Security, Inc. Internet security cyber threat reporting system and method
CN105306436B (zh) 2015-09-16 2016-08-24 广东睿江云计算股份有限公司 Abnormal traffic detection method
GB2583114B (en) * 2019-04-17 2022-09-21 F Secure Corp Preventing UDP hole punching abuse

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW453072B (en) * 1999-08-18 2001-09-01 Alma Baba Technical Res Lab Co System for monitoring network for cracker attack
JP2002124996A (ja) * 2000-10-13 2002-04-26 Yoshimi Baba High-speed packet acquisition engine security
US20030200441A1 (en) * 2002-04-19 2003-10-23 International Business Machines Corporation Detecting randomness in computer network traffic
US7269850B2 (en) * 2002-12-31 2007-09-11 Intel Corporation Systems and methods for detecting and tracing denial of service attacks
US7356587B2 (en) * 2003-07-29 2008-04-08 International Business Machines Corporation Automatically detecting malicious computer network reconnaissance by updating state codes in a histogram

Also Published As

Publication number Publication date
TW200625871A (en) 2006-07-16
TWI364190B (en) 2012-05-11
JP2008507222A (ja) 2008-03-06
WO2006008307A1 (en) 2006-01-26

Similar Documents

Publication Publication Date Title
US11516181B2 (en) Device, system and method for defending a computer network
CN101052934B (zh) Method, system and computer program for detecting unauthorised scanning on a network
US8296842B2 (en) Detecting public network attacks using signatures and fast content analysis
US7734776B2 (en) Automatically detecting malicious computer network reconnaissance by updating state codes in a histogram
Li et al. A survey of internet worm detection and containment
US8042182B2 (en) Method and system for network intrusion detection, related network and computer program product
Yen et al. Traffic aggregation for malware detection
Belenky et al. On deterministic packet marking
Hunt et al. Network forensics: an analysis of techniques, tools, and trends
US20030200441A1 (en) Detecting randomness in computer network traffic
Mohammed et al. Honeycyber: Automated signature generation for zero-day polymorphic worms
US7873998B1 (en) Rapidly propagating threat detection
Ádám et al. Artificial neural network based IDS
JP4743901B2 (ja) Method, system and computer program for detecting unauthorised scanning on a network
US7957372B2 (en) Automatically detecting distributed port scans in computer networks
US11997133B2 (en) Algorithmically detecting malicious packets in DDoS attacks
Sun et al. SACK2: effective SYN flood detection against skillful spoofs
Mohammed et al. Detection of zero-day polymorphic worms using principal component analysis
Prabhu et al. Network intrusion detection system
Abdulla et al. Setting a worm attack warning by using machine learning to classify netflow data
Mohammed et al. Fast automated signature generation for polymorphic worms using double-honeynet
Kijewski Automated extraction of threat signatures from network flows
Abbasi Detection and classification of malicious network streams in honeynets: a thesis presented in partial fulfilment of the requirements for the degree of Doctor of Philosophy in Computer Science at Massey University, Palmerston North, New Zealand
Mohammed et al. An automated signature generation approach for polymorphic worms using principal component analysis
Patel Efficient string matching algorithm for intrusion detection

Legal Events

Date Code Title Description
A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20080530

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20080530

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20100825

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20100907

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20101105

Free format text: JAPANESE INTERMEDIATE CODE: A821

Effective date: 20101105

RD12 Notification of acceptance of power of sub attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7432

Effective date: 20101105

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A821

Effective date: 20101108

A02 Decision of refusal

Free format text: JAPANESE INTERMEDIATE CODE: A02

Effective date: 20101222

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20110318

Free format text: JAPANESE INTERMEDIATE CODE: A821

Effective date: 20110318

A911 Transfer to examiner for re-examination before appeal (zenchi)

Free format text: JAPANESE INTERMEDIATE CODE: A911

Effective date: 20110325

A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20110425

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A821

Effective date: 20110426

RD14 Notification of resignation of power of sub attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7434

Effective date: 20110426

A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20110509

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20140520

Year of fee payment: 3

R150 Certificate of patent or registration of utility model

Free format text: JAPANESE INTERMEDIATE CODE: R150

LAPS Cancellation because of no payment of annual fees