Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ACSAC
2007
IEEE
2007
IEEE
Tracking Darkports for Network Defense
We exploit for defensive purposes the concept of darkports – the unused ports on active systems. We are particularly interested in such ports which transition to become active (i.e., become trans-darkports). Darkports are identified by passively observing and characterizing the connectivity behavior of internal hosts in a network as they respond to both legitimate connection attempts and scanning attempts. Darkports can be used to detect sophisticated scanning activity, enable fine-grained automated defense against automated malware attacks, and detect real-time changes in a network that may indicate a successful compromise. We show, in a direct comparison with Snort, that darkports offer a better scanning detection capability with fewer false positives and negatives. Our results also show that the network awareness gained by the use of darkports enables active response options to be safely focused exclusively on those systems that directly threaten the network. Finally, our evalu...
Real-time TrafficACSAC 2007 | Legitimate Connection Attempts | Security Privacy | Sophisticated Scanning Activity | Successful Compromises |
Related Content
| Added | 02 Jun 2010 |
| Updated | 02 Jun 2010 |
| Type | Conference |
| Year | 2007 |
| Where | ACSAC |
| Authors | David Whyte, Paul C. van Oorschot, Evangelos Kranakis |
Comments (0)
Researcher Info
|
