A Method for Quantifying the Risk of Network Port Scan
네트워크 포트스캔의 위험에 대한 정량화 방법

Seongchul Park, Juntae Kim
2012 Journal of the Korea Society for Simulation  
A network port scan attack is a method for finding open ports in a local network. Most existing IDSs (intrusion detection systems) record the number of packets sent to a system per unit time. If the port scan count from a source IP address is higher than a certain threshold, it is regarded as a port scan attack. The degree of risk of a source IP address performing a network port scan attack depends on the attack count recorded by the IDS. However, measuring risk based on the attack count may reduce port scan detection rates due to increased false negatives for slow port scans. This paper proposes a method of summarizing 4 types of information to differentiate network port scan attacks more precisely and comprehensively. To integrate the riskiness, we present a risk index that quantifies the risk of a port scan attack by using PCA. The proposed detection method using the risk index shows superior performance to Snort for the detection of network port scans.
doi:10.9709/jkss.2012.21.4.091 fatcat:2toiccnjj5hzhaqafwax4lmcdq