Library Open Repository

Identifying Reconnaissance Activity: A Strategy for Network Defence

Scanlan, J and Hartnett, J and Williams, R (2005) Identifying Reconnaissance Activity: A Strategy for Network Defence. In: 6th Australian Information Warfare and Security Conference, 25 - 26 November 2005, Geelong, Victoria.

IdentifyingReconAct.pdf | Download (87kB)
Available under University of Tasmania Standard License.

Abstract

Over recent years there has been a massive increase in the need to build stronger and more effective defensive systems in many contexts due to the amplified threat of terrorism. Network security is no exception to this increased need to secure systems against attack. One area within network security which has received a heightened interest is the correlation of reconnaissance activities, rather than merely blocking source addresses without further investigation. This paper will examine the work to date and detail how various researchers have approached the correlation of network scan activity, in relation to the detection of more overt malicious activity or network mapping. The systems that have been built contain two key components for examination: the correlation engine and the method by which data is collected and in some cases transported across the host network. After the summary of existing research this paper will then detail new work we are undertaking in this field, using clustering techniques in conjunction with a peer to peer network, to correlate port scan activity in real-time.

Item Type: Conference or Workshop Item (Paper)
Keywords: data correlation, attack detection
Date Deposited: 23 Aug 2006
Last Modified: 18 Nov 2014 03:11
URI: http://eprints.utas.edu.au/id/eprint/372
