【摘要】 针对低速端口扫描进行了研究,根据低速扫描的时间持续性和特征分散性,提出了一种基于持续增量模型的低速端口扫描检测算法,结合条件熵对特征分布的评估达到检测目的。实验结果表明,该算法的检测率能达到99. 78%,且误报率为7%。其适用于多种复杂网络环境,且不需要网络先验知识,同时检测率对阈值的精确性要求低,能够有效检测到低速端口扫描行为。更多还原

【Abstract】 This paper studied low-speed port scanning. According to the time persistence and feature dispersion of low-speed scanning,it proposed a low-speed port scanning detection algorithm based on continuous incremental model. it used the conditional entropy to evaluate the feature distribution. The experimental results show that the detection rate of the algorithm can reach 99. 78%,and the false positive rate is 7%. The algorithm is applicable to a variety of complex network environments,and does not require network prior knowledge. The detection rate has low accuracy on the threshold,and can effectively detect low-speed port scanning behavior.更多还原