Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
The 1999 DARPA off-line intrusion detection evaluation
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
An Experimental Evaluation to Determine if Port Scans are Precursors to an Attack
DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
A Multi-Resolution Approach forWorm Detection and Containment
DSN '06 Proceedings of the International Conference on Dependable Systems and Networks
An Overview of IP Flow-Based Intrusion Detection
IEEE Communications Surveys & Tutorials
| Hi-index | 0.00 |
In order to attack to a network, an attacker first must find vulnerability points of the target network. This task is done through scanning. There are many methods of scan detection. Most of these methods are based on thresholding. Setting a proper threshold value is crucial and depends on many parameters such as network structure and time window. In this study we proposed a new scan detection method based on genetic algorithm (GA). This method has two phases. In the first phase we separate normal traffic from suspicious traffic and send only suspicious traffic to the second phase. This way the overhead of the process in the second phase is decreased considerably. In the second phase we aim to detect attacks with respect to two optimum parameters of threshold and memory. We compared our method with snort. Results showed that our method achieves better performance in both hit rate and false alarm rate.