Space-Efficient Structures for Detecting Port Scans

  • Ali Şaman Tosun
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4653)


Port scans probe a computer to identify the services running on it and thereby find its vulnerabilities. Although port scans can be detected using a database system, doing so requires too much space and computational overhead and is not feasible under high load. In this paper, we propose space-efficient structures to detect parameterized versions of port scans. We investigate both exact and approximate structures for these problems. The proposed schemes are lightweight, have low space and computational overhead, and can handle high load.





Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Ali Şaman Tosun, Department of Computer Science, University of Texas at San Antonio
