| Autor: |
Khan, Kamran, Syed, Affan, Khayam, Ali |
| Rok vydání: |
2013 |
| Předmět: |
|
| Druh dokumentu: |
Working Paper |
| Popis: |
This paper aims to improve the accuracy of port-scan detectors by analyzing traffic of BitTorrent hosts and differentiating their respective BitTorrent connection (attempts) from port-scans. It is shown that by looking at BitTorrent coordination traffic and modelling port-scanning behavior the number of BitTorrent-related false positives can be reduced by 80% without any loss of IDS accuracy. |
| Databáze: |
arXiv |
| Externí odkaz: |
|
