Author: |
Khan, Kamran, Syed, Affan, Khayam, Ali |
Year of publication: |
2013 |
Subject: |
|
Document type: |
Working Paper |
Description: |
This paper aims to improve the accuracy of port-scan detectors by analyzing traffic of BitTorrent hosts and differentiating their respective BitTorrent connection (attempts) from port-scans. It is shown that by looking at BitTorrent coordination traffic and modelling port-scanning behavior the number of BitTorrent-related false positives can be reduced by 80% without any loss of IDS accuracy. |
Database: |
arXiv |
External link: |
|