Scan detection: A data mining approach

Gyorgy J Simon, Hui Xiong, Eric Eilertson, Vipin Kumar

Research output: Chapter in Book/Report/Conference proceedingConference contribution

20 Scopus citations

Abstract

A precursor to many attacks on networks is often a reconnaissance operation, more commonly referred to as a scan. Despite the vast amount of attention focused on methods for scan detection, the state-of-the-art methods suffer from high rate of false alarms and low rate of scan detection. In this paper, we formalize the problem of scan detection as a data mining problem. We show how the network traffic data sets can be converted into a data set that is appropriate for running off-the-shelf classifiers on. Our method successfully demonstrates that data mining models can encapsulate expert knowledge to create an adaptable algorithm that can substantially outperform state-of-the-art methods for scan detection in both coverage and precision.

Original languageEnglish (US)
Title of host publicationProceedings of the Sixth SIAM International Conference on Data Mining
PublisherSociety for Industrial and Applied Mathematics
Pages118-129
Number of pages12
ISBN (Print)089871611X, 9780898716115
DOIs
StatePublished - 2006
EventSixth SIAM International Conference on Data Mining - Bethesda, MD, United States
Duration: Apr 20 2006Apr 22 2006

Publication series

NameProceedings of the Sixth SIAM International Conference on Data Mining
Volume2006

Other

OtherSixth SIAM International Conference on Data Mining
Country/TerritoryUnited States
CityBethesda, MD
Period4/20/064/22/06

Fingerprint

Dive into the research topics of 'Scan detection: A data mining approach'. Together they form a unique fingerprint.

Cite this