Abstract
This chapter proposes an approach for combining different network scanning protection mechanisms against malefactors’ reconnaissance actions and network worms. The approach can be implemented as part of the protection mechanisms in corporate information systems, including Geographical Information Systems (GIS). It substantially improves the effectiveness of scanning protection by reducing the false positive rate and increasing detection accuracy. Particular scanning techniques are outlined. The core combining principles and architectural enhancements of the common scanning detection model are considered. An approach to automatically adjusting the parameters of the mechanisms used, based on statistical data about network traffic, is also suggested.
Acknowledgments
This research is supported by a grant from the Russian Foundation of Basic Research (project № 10-01-00826-a), the program of fundamental research of the Department for Nanotechnologies and Informational Technologies of the Russian Academy of Sciences (contract № 3.2) and is partly funded by the EU as part of the SecFutur and MASSIF projects.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Kotenko, I., Chechulin, A., Doynikova, E. (2011). Combining of Scanning Protection Mechanisms in GIS and Corporate Information Systems. In: Popovich, V., Claramunt, C., Devogele, T., Schrenk, M., Korolenko, K. (eds) Information Fusion and Geographic Information Systems. Lecture Notes in Geoinformation and Cartography, vol 5. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19766-6_5
DOI: https://doi.org/10.1007/978-3-642-19766-6_5
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-19765-9
Online ISBN: 978-3-642-19766-6
eBook Packages: Earth and Environmental Science, Earth and Environmental Science (R0)