DynamicWEB: A method for reconnaissance activity profiling
Scanlan, J and Hartnett, J and Williams, R (2008) DynamicWEB: A method for reconnaissance activity profiling. In: The 2008 IEEE International Workshop on Cyberspace Safety and Security (CSS2008), 5th December 2008, Sydney, Australia.
|PDF - Full text restricted - Requires a PDF viewer|
Official URL: http://ieeexplore.ieee.org/Xplore/dynhome.jsp
Port scan correlation aims to differentiate between benign and malicious scans. In this paper we will examine a new method of profiling port scan activity in an attempt to link different source IP addresses to being the same end user. A data mining approach DynamicWEB based upon the COBWEB conceptual clustering algorithm is shown along with some preliminary results of it functioning within the context of scan correlation.
|Item Type:||Conference or Workshop Item (Paper)|
|Deposited By:||Mr J Scanlan|
|Deposited On:||14 Jan 2009 11:37|
|Last Modified:||14 Jan 2009 11:37|
|ePrint Statistics:||View statistics for this ePrint|
Repository Staff Only: item control page