$post array (20)
datum => string (10) "01.01.2018"
$post['datum']
veroeffentlichungsart => array (10)
$post['veroeffentlichungsart']
term_id => integer 838
$post['veroeffentlichungsart']['term_id']
name => UTF-8 string (22) "Zeitschriftenbeiträge"
$post['veroeffentlichungsart']['name']
slug => string (26) "246_zeitschriftenbeitraege"
$post['veroeffentlichungsart']['slug']
term_group => integer 0
$post['veroeffentlichungsart']['term_group']
term_taxonomy_id => integer 838
$post['veroeffentlichungsart']['term_taxonomy_id']
taxonomy => string (21) "veroeffentlichungsart"
$post['veroeffentlichungsart']['taxonomy']
description => string (0) ""
$post['veroeffentlichungsart']['description']
parent => integer 0
$post['veroeffentlichungsart']['parent']
count => integer 444
$post['veroeffentlichungsart']['count']
filter => string (3) "raw"
$post['veroeffentlichungsart']['filter']
forschungsschwerpunkt => array (10)
$post['forschungsschwerpunkt']
term_id => integer 899
$post['forschungsschwerpunkt']['term_id']
name => string (37) "HRK Schwerpunkt Sensorik und Analytik"
$post['forschungsschwerpunkt']['name']
slug => string (41) "155_hrk-schwerpunkt-sensorik-und-analytik"
$post['forschungsschwerpunkt']['slug']
term_group => integer 0
$post['forschungsschwerpunkt']['term_group']
term_taxonomy_id => integer 899
$post['forschungsschwerpunkt']['term_taxonomy_id']
taxonomy => string (21) "forschungsschwerpunkt"
$post['forschungsschwerpunkt']['taxonomy']
description => string (0) ""
$post['forschungsschwerpunkt']['description']
parent => integer 0
$post['forschungsschwerpunkt']['parent']
count => integer 72
$post['forschungsschwerpunkt']['count']
filter => string (3) "raw"
$post['forschungsschwerpunkt']['filter']
autoren => array (3)
$post['autoren']
  • 0 => array (4)
    $post['autoren'][0]
    name => string (7) "M. Ring"
    $post['autoren'][0]['name']
    link => string (0) ""
    $post['autoren'][0]['link']
    intern => boolean false
    $post['autoren'][0]['intern']
    personenkennziffer => string (0) ""
    $post['autoren'][0]['personenkennziffer']
    1 => array (4)
    $post['autoren'][1]
    name => string (13) "Dieter Landes"
    $post['autoren'][1]['name']
    link => string (56) "https://www.hs-coburg.de/personen/prof-dr-dieter-landes/"
    $post['autoren'][1]['link']
    intern => boolean true
    $post['autoren'][1]['intern']
    personenkennziffer => string (0) ""
    $post['autoren'][1]['personenkennziffer']
    2 => array (4)
    $post['autoren'][2]
    name => string (8) "A. Hotho"
    $post['autoren'][2]['name']
    link => string (0) ""
    $post['autoren'][2]['link']
    intern => boolean false
    $post['autoren'][2]['intern']
    personenkennziffer => string (0) ""
    $post['autoren'][2]['personenkennziffer']
titel => string (58) "Detection of slow port scans in flow-based network traffic"
$post['titel']
medien => string (8) "PLOS ONE"
$post['medien']
doi => string (44) "https://doi.org/10.1371/journal.pone.0204507"
$post['doi']
weblink => string (0) ""
$post['weblink']
abstract => string (1093) "Frequently, port scans are early indicators of more serious attacks. Unfortu...
$post['abstract']
Frequently, port scans are early indicators of more serious attacks. Unfortunately, the detection of slow port scans in company networks is challenging due to the massive amount of network data. This paper proposes an innovative approach for preprocessing flow-based data which is specifically tailored to the detection of slow port scans. The preprocessing chain generates new objects based on flow-based data aggregated over time windows while taking domain knowledge as well as additional knowledge about the network structure into account. The computed objects are used as input for the further analysis. Based on these objects, we propose two different approaches for detection of slow port scans. One approach is unsupervised and uses sequential hypothesis testing whereas the other approach is supervised and uses classification algorithms. We compare both approaches with existing port scan detection algorithms on the flow-based CIDDS-001 data set. Experiments indicate that the proposed approaches achieve better detection rates and exhibit less false alarms than similar algorithms.
heft => string (1) "9"
$post['heft']
band => string (7) "2018 13"
$post['band']
artikelnummer => string (0) ""
$post['artikelnummer']
isbn => string (0) ""
$post['isbn']
herausgeber => string (0) ""
$post['herausgeber']
seiten => string (0) ""
$post['seiten']
open_access => null
$post['open_access']
peer_reviewed => boolean true
$post['peer_reviewed']
detailseite => boolean false
$post['detailseite']
zitierung => string (159) "Ring, M.; Landes, Dieter; Hotho, A. (2018): Detection of slow port scans in ...
$post['zitierung']
Ring, M.; Landes, Dieter; Hotho, A. (2018): Detection of slow port scans in flow-based network traffic. PLOS ONE 2018 13 (9). DOI: 10.1371/journal.pone.0204507
permalink => string (101) "https://www.hs-coburg.de/publikation/2520-detection-of-slow-port-scans-in-fl...
$post['permalink']
https://www.hs-coburg.de/publikation/2520-detection-of-slow-port-scans-in-flow-based-network-traffic/
Called from <ROOT>/wp-content/themes/Avada-Child-Theme/inc/bayfis-content.php:57 [d()]
  1. <ROOT>/wp-includes/shortcodes.php:434 [render_acf_publikation_content()]
  2. <ROOT>/wp-includes/shortcodes.php:273 [preg_replace_callback()]
  3. <ROOT>/wp-content/plugins/fusion-builder/shortcodes/fusion-code-block.php:45 [do_shortcode()]
  4. <ROOT>/wp-includes/shortcodes.php:434 [FusionSC_Code_Block->render()]
  5. <ROOT>/wp-includes/shortcodes.php:273 [preg_replace_callback()]
  6. <ROOT>/wp-content/plugins/fusion-builder/inc/class-fusion-column-element.php:588 [do_shortcode()]
  7. <ROOT>/wp-includes/shortcodes.php:434 [Fusion_Column_Element->render()]
  8. <ROOT>/wp-includes/shortcodes.php:273 [preg_replace_callback()]
  9. <ROOT>/wp-content/plugins/fusion-builder/inc/class-fusion-row-element.php:123 [do_shortcode()]
  10. <ROOT>/wp-includes/shortcodes.php:434 [Fusion_Row_Element->render()]
  11. <ROOT>/wp-includes/shortcodes.php:273 [preg_replace_callback()]
  12. <ROOT>/wp-content/plugins/fusion-builder/shortcodes/fusion-container.php:1095 [do_shortcode()]
  13. <ROOT>/wp-includes/shortcodes.php:434 [FusionSC_Container->render()]
  14. <ROOT>/wp-includes/shortcodes.php:273 [preg_replace_callback()]
  15. <ROOT>/wp-includes/class-wp-hook.php:324 [do_shortcode()]
  16. <ROOT>/wp-includes/plugin.php:205 [WP_Hook->apply_filters()]
  17. <ROOT>/wp-content/plugins/fusion-builder/inc/class-fusion-template-builder.php:1554 [apply_filters()]
  18. <ROOT>/wp-content/plugins/fusion-builder/inc/class-fusion-template-builder.php:1186 [Fusion_Template_Builder->render_content()]
  19. <ROOT>/wp-includes/class-wp-hook.php:324 [Fusion_Template_Builder->render_content_override()]
  20. <ROOT>/wp-includes/class-wp-hook.php:348 [WP_Hook->apply_filters()]
  21. <ROOT>/wp-includes/plugin.php:517 [WP_Hook->do_action()]
  22. <ROOT>/wp-content/plugins/fusion-builder/templates/template-page.php:23 [do_action()]
  23. <ROOT>/wp-includes/template-loader.php:106
  24. <ROOT>/wp-blog-header.php:18
  25. <ROOT>/index.php:30


Detection of slow port scans in flow-based network traffic

Frequently, port scans are early indicators of more serious attacks. Unfortunately, the detection of slow port scans in company networks is challenging due to the massive amount of network data. This paper proposes an innovative approach for preprocessing flow-based data which is specifically tailored to the detection of slow port scans. The preprocessing chain generates new objects based on flow-based data aggregated over time windows while taking domain knowledge as well as additional knowledge about the network structure into account. The computed objects are used as input for the further analysis. Based on these objects, we propose two different approaches for detection of slow port scans. One approach is unsupervised and uses sequential hypothesis testing whereas the other approach is supervised and uses classification algorithms. We compare both approaches with existing port scan detection algorithms on the flow-based CIDDS-001 data set. Experiments indicate that the proposed approaches achieve better detection rates and exhibit less false alarms than similar algorithms.

Titel:

Detection of slow port scans in flow-based network traffic

Veröffentlichungsdatum:

01.01.2018

Publikationsart:

Zeitschriftenbeiträge

Forschungsschwerpunkt:

HRK Schwerpunkt Sensorik und Analytik

Medien:

PLOS ONE

DOI:

https://doi.org/10.1371/journal.pone.0204507

Weblink:

Heft:

9

Band:

2018 13

Artikelnummer:

ISBN:

Autoren:

M. Ring, Dieter Landes, A. Hotho

Medien:

PLOS ONE

Herausgeber:

Seiten:

Open Access:

Peer reviewed:

Ja

Zitierung:

Ring, M.; Landes, Dieter; Hotho, A. (2018): Detection of slow port scans in flow-based network traffic. PLOS ONE 2018 13 (9). DOI: 10.1371/journal.pone.0204507

Autoren:

M. Ring, Dieter Landes, A. Hotho