TWI364190B - Method, system and program for automatically detecting distributed port scans in computer networks - Google Patents
- Publication number
- TWI364190B (application TW94124490A)
- Authority
- TW
- Taiwan
- Prior art keywords
- destination
- address
- packet
- leaf node
- value
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US10/896,733 US7957372B2 (en) | 2004-07-22 | 2004-07-22 | Automatically detecting distributed port scans in computer networks |
| US10/896,680 US7669240B2 (en) | 2004-07-22 | 2004-07-22 | Apparatus, method and program to detect and control deleterious code (virus) in computer network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| TW200625871A (en) | 2006-07-16 |
| TWI364190B (en) | 2012-05-11 |
Family
ID=35058515
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW94124490A TWI364190B (en) | 2004-07-22 | 2005-07-20 | Method, system and program for automatically detecting distributed port scans in computer networks |
Country Status (3)
| Country | Link |
|---|---|
| JP (1) | JP4743901B2 (en) |
| TW (1) | TWI364190B (en) |
| WO (1) | WO2006008307A1 (en) |
Families Citing this family (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2009171431A (ja) * | 2008-01-18 | 2009-07-30 | Oki Electric Ind Co Ltd | Traffic analysis device, traffic analysis method, and traffic analysis system |
| TWI387259B (zh) * | 2008-08-01 | 2013-02-21 | Kathy T Lin | System, method, monitoring program product and computer-readable recording medium for monitoring the security of website application usage scenarios |
| US8842590B2 (en) * | 2009-07-21 | 2014-09-23 | Htc Corporation | Mobile device and data connection method thereof |
| CN102591965B (zh) * | 2011-12-30 | 2014-07-09 | 奇智软件(北京)有限公司 | Method and device for black link detection |
| US9392003B2 (en) | 2012-08-23 | 2016-07-12 | Raytheon Foreground Security, Inc. | Internet security cyber threat reporting system and method |
| KR101499666B1 (ko) * | 2013-08-08 | 2015-03-06 | 주식회사 시큐아이 | Method and apparatus for detecting network scans |
| CN105306436B (zh) | 2015-09-16 | 2016-08-24 | 广东睿江云计算股份有限公司 | Method for detecting abnormal traffic |
| GB2583114B (en) * | 2019-04-17 | 2022-09-21 | F Secure Corp | Preventing UDP hole punching abuse |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TW453072B (en) * | 1999-08-18 | 2001-09-01 | Alma Baba Technical Res Lab Co | System for monitoring network for cracker attack |
| JP2002124996A (ja) * | 2000-10-13 | 2002-04-26 | Yoshimi Baba | High-speed packet acquisition engine security |
| US20030200441A1 (en) * | 2002-04-19 | 2003-10-23 | International Business Machines Corporation | Detecting randomness in computer network traffic |
| US7269850B2 (en) * | 2002-12-31 | 2007-09-11 | Intel Corporation | Systems and methods for detecting and tracing denial of service attacks |
| US7356587B2 (en) * | 2003-07-29 | 2008-04-08 | International Business Machines Corporation | Automatically detecting malicious computer network reconnaissance by updating state codes in a histogram |
2005
- 2005-07-20: JP application JP2007521949A, patent JP4743901B2 (ja), status: not active (Expired - Fee Related)
- 2005-07-20: TW application TW94124490A, patent TWI364190B (zh), status: not active (IP Right Cessation)
- 2005-07-20: WO application PCT/EP2005/053518, publication WO2006008307A1 (en), status: not active (Ceased)
Also Published As
| Publication number | Publication date |
|---|---|
| TW200625871A (en) | 2006-07-16 |
| JP2008507222A (ja) | 2008-03-06 |
| WO2006008307A1 (en) | 2006-01-26 |
| JP4743901B2 (ja) | 2011-08-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7734776B2 (en) | | Automatically detecting malicious computer network reconnaissance by updating state codes in a histogram |
| Coull et al. | | Playing Devil's Advocate: Inferring Sensitive Information from Anonymized Network Traces. |
| CN101052934B (zh) | | Method, system and computer program for detecting unauthorized scans on a network |
| Belenky et al. | | On deterministic packet marking |
| US7814546B1 (en) | | Method and system for integrated computer networking attack attribution |
| CN101589595B (zh) | | Containment mechanism for potentially contaminated end systems |
| TWI332159B (en) | | Method, system, analyser, router, and computer readable medium of detecting a distributed denial of service (ddos) attack in the internet |
| US8561188B1 (en) | | Command and control channel detection with query string signature |
| WO2001013589A1 (en) | | Cracker monitoring system |
| JP2010528496A (ja) | | Method and system for resilient packet traceback in wireless mesh and sensor networks |
| CN102045344B (zh) | | Cross-domain traceback method and system based on elastic fragmentation of path information |
| TWI364190B (en) | | Method, system and program for automatically detecting distributed port scans in computer networks |
| US20180270197A1 (en) | | Intrusion prevention |
| CN110113333A (zh) | | Method and device for dynamic processing of TCP/IP protocol fingerprints |
| US7957372B2 (en) | | Automatically detecting distributed port scans in computer networks |
| CN105791300B (zh) | | Single-packet traceback method based on trace importance evaluation |
| CN101213813A (zh) | | Method for defending against denial-of-service attacks in IP networks by means of target victim self-identification and control |
| Chen et al. | | DAW: A distributed antiworm system |
| Rafsanjani et al. | | Classification and comparison of IP traceback techniques for DoS/DDoS/DRDoS defence |
| Gil | | MULTOPS: A data structure for denial-of-service attack detection |
| Vincent et al. | | A survey of IP traceback mechanisms to overcome denial-of-service attacks |
| Wang et al. | | IP traceback based on deterministic packet marking and logging |
| CN105554041A (zh) | | Method for detecting distributed denial-of-service attacks based on the flow table timeout mechanism |
| CN116032630B (zh) | | Firewall design method and system oriented to network hiding |
| JP5582499B2 (ja) | | Network monitoring method, system, device and program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | MM4A | Annulment or lapse of patent due to non-payment of fees | |