A Portscan Detection Method Based on Dempster-Shafer Theory of Evidence

LAI Hai-guang; XU Feng; HUANG Hao; XIE Jun-yuan

您当前的位置：

首页 >

文章列表页 >

A Portscan Detection Method Based on Dempster-Shafer Theory of Evidence

更新时间：2025-07-16

- A Portscan Detection Method Based on Dempster-Shafer Theory of Evidence
- Acta Electronica Sinica Vol. 34, Issue 11, Pages: 1946-1950(2006)
- 作者机构：
  
  1. 南京大学计算机软件新技术国家重点实验室,江苏,南京,210093
  2. 解放军理工大学指挥自动化学院,江苏,南京,210007
  3. 南京航空航天大学信息科学与技术学院,江苏,南京,210016
  4. 南京大学计算机软件新技术国家重点实验室江苏南京,210093
  5. 解放军理工大学指挥自动化学院江苏南京,210007
  6. 南京航空航天大学信息科学与技术学院江苏南京,210016
- 作者简介：
- 基金信息：
- DOI：
  CLC： TP393.08
- Published：2006
- 稿件说明：
移动端阅览
LAI Hai-guang, XU Feng, HUANG Hao, et al. A Portscan Detection Method Based on Dempster-Shafer Theory of Evidence[J]. Acta Electronica Sinica, 2006, 34(11): 1946-1950.
DOI：

LAI Hai-guang, XU Feng, HUANG Hao, et al. A Portscan Detection Method Based on Dempster-Shafer Theory of Evidence[J]. Acta Electronica Sinica, 2006, 34(11): 1946-1950. DOI：

摘要

端口扫描是通过对目标系统端口试探性的访问来判断端口是否开放的行为.它往往是攻击者入侵行为的第一步.端口扫描检测是入侵监测系统不可缺少的一部分

而当前端口扫描的检测方法不多

并且准确性不高.为提高扫描检测的准确性

本文使用Dempster-Shafer证据理论对两种扫描检测方法产生的数据进行融合:一种是基于端口分布特征的扫描检测方法

该方法简单且具有较高的检测率;另一种是基于序列假设测试的扫描检测方法

该方法充分利用了端口扫描的本质特征.实验结果表明

同单独使用基于端口分布特征或序列假设测试的方法相比

这种基于Dempster-Shafer证据理论的扫描检测方法对端口扫描的检测准确得多.

Abstract

Portscan is used to figure out whether the target system’s ports are open by trying to access these ports.It is usually the fist step of a sequence of intrusion actions.Portscan detection is an indispensable part of an intrusion detection system.However

there are only a few portscan detection methods nowadays.Moreover

they are not very accurate.In order to improve the accuracy of portscan detection

the data produced by two portscan detection methods is fused using Dempster-Shafer theory of evidence.One method is the ports distribution based portscan detection

which is very simple and has a pretty high detection ratio.The other is the sequential hypothesis testing based detection method

which sufficiently exploits the portscan’s essential character.The experiment shows that the portscan detection method based on Dempster-Shafer theory of evidence is far more accurate than the one base on ports distribution or sequential hypothesis testing.

关键词

Keywords

references

Views

1402

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Multi-Dimensional Dynamic Topology Learning Graph Convolution for Skeleton-Based Action Recognition

Skeleton Action Recognition Based on Multi-Stream Spatial Attention Graph Convolutional SRU Network

Intrusion Detection Method Based on Capsule Network for Industrial Internet

Multi-Vehicle Collaborative SLAM Framework for Minimum Loop Detection

Research on Two‑Dimensional Beam Focusing Impact Location Based on Probability Tomography

Related Author

LUO Hui-lan

CAO Li-jing

ZHAO Jun-nan

SHE Qing-shan

MENG Ming

CHEN Yun

HU Xiang-dong

LI Zhi-han

Related Institution

School of Information Engineering， Jiangxi University of Science and Technology

College of Automation, Hangzhou Dianzi University

School of Automation/School of Industrial Internet, Chongqing University of Posts and Telecommunications

School of Computer Science and Engineering， Sun Yat-Sen University

Shenzhen Institute， Sun Yat-sen University

⁰