Malicious agents like self-propagating worms often rely on port or address scanning to discover new potential victims. The ability to detect active scanners based on passive traffic monitoring is an important prerequisite for taking appropriate countermeasures. In this work we evaluate experimentally two common algorithms for scanner detection based on extensive analysis of real traffic traces from a live 3G mobile network. We observe that in practice a large number of alarms are triggered by

dblp:journals/ijnsec/FallettaR09 fatcat:73dowt7rmnct3benwnrtrgehtq