Towards a taxonomy of network scanning techniques
Source: ACM International Conference Proceeding Series; Vol. 338
Proceedings of the 2008 annual research conference of the South African Institute of Computer Scientists and Information Technologists on IT research in developing countries: riding the wave of technology
Wilderness, South Africa
Pages 1-7  
Year of Publication: 2008
ISBN:978-1-60558-286-3
Authors
Richard J Barnett  Rhodes University, Grahamstown, South Africa
Barry Irwin  Rhodes University, Grahamstown, South Africa
Sponsor
Microsoft : Microsoft
Publisher
ACM  New York, NY, USA
DOI: http://doi.acm.org/10.1145/1456659.1456660

ABSTRACT

Network scanning is a common reconnaissance activity in network intrusion. Despite this, its classification remains vague, and the detection systems in current Network Intrusion Detection Systems are incapable of detecting many forms of scanning traffic.

This paper presents a classification of network scanning and illustrates how complex and varied this activity is. The presented classification extends previous, well-known definitions of scanning traffic in a manner which reflects this complexity.


