Hwang et al., 2019 - Google Patents
Effective Detecting Method of Nmap Idle ScanHwang et al., 2019
- Document ID
- 18153453981014951161
- Author
- Hwang J
- Kim M
- Publication year
- Publication venue
- Journal of JAITC
External Links
Snippet
In recent years, information collection of attacks through stealth port scanning technology has become more sophisticated. The most commonly used Nmap port scanner supports a variety of stealth scanning technologies along with the existing scanning techniques. Nmap …
- 238000001514 detection method 0 abstract description 27
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L29/00—Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00 contains provisionally no documents
- H04L29/12—Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00 contains provisionally no documents characterised by the data terminal contains provisionally no documents
- H04L29/12009—Arrangements for addressing and naming in data networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/26—Monitoring arrangements; Testing arrangements
- H04L12/2602—Monitoring arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Application independent communication protocol aspects or techniques in packet data networks
- H04L69/16—Transmission control protocol/internet protocol [TCP/IP] or user datagram protocol [UDP]
- H04L69/161—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements or network protocols for addressing or naming
- H04L61/25—Network arrangements or network protocols for addressing or naming mapping of addresses of the same type; address translation
- H04L61/2503—Internet protocol [IP] address translation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing packet switching networks
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Gilad et al. | Spying in the dark: TCP and Tor traffic analysis | |
| US7734776B2 (en) | Automatically detecting malicious computer network reconnaissance by updating state codes in a histogram | |
| De Vivo et al. | A review of port scanning techniques | |
| US7536552B2 (en) | Upper-level protocol authentication | |
| US7356689B2 (en) | Method and apparatus for tracing packets in a communications network | |
| Osanaiye | Short Paper: IP spoofing detection for preventing DDoS attack in Cloud Computing | |
| US8181237B2 (en) | Method for improving security of computer networks | |
| US11777971B2 (en) | Bind shell attack detection | |
| Sikora et al. | On detection and mitigation of slow rate denial of service attacks | |
| CN101621428B (en) | Botnet detection method, botnet detection system and related equipment | |
| Guha et al. | Network security via reverse engineering of TCP code: Vulnerability analysis and proposed solutions | |
| Zhang et al. | Onis: Inferring tcp/ip-based trust relationships completely off-path | |
| Gupta et al. | Mitigation of dos and port scan attacks using snort | |
| Vishnu et al. | Denial of service: types, techniques, defence mechanisms and safe guards | |
| Mabsali et al. | Effectiveness of Wireshark Tool for Detecting Attacks and Vulnerabilities in Network Traffic | |
| Hwang et al. | Effective Detecting Method of Nmap Idle Scan | |
| KR101593897B1 (en) | Network scan method for circumventing firewall, IDS or IPS | |
| Tritilanunt et al. | Entropy-based input-output traffic mode detection scheme for dos/ddos attacks | |
| Sagatov et al. | Countering dns amplification attacks based on analysis of outgoing traffic | |
| Barnes et al. | k-p0f: A high-throughput kernel passive OS fingerprinter | |
| JP3986871B2 (en) | Anti-profiling device and anti-profiling program | |
| Nigam et al. | Man-in-the-middle-attack and proposed algorithm for detection | |
| Leu et al. | Intrusion detection with CUSUM for TCP-based DDoS | |
| Kalia et al. | Masking approach to secure systems from operating system fingerprinting | |
| Prabadevi et al. | A mitigation system for ARP cache poisoning attacks |