{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,4]],"date-time":"2025-05-04T04:03:53Z","timestamp":1746331433144,"version":"3.40.4"},"reference-count":26,"publisher":"IGI Global","issue":"1","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014,1]]},"abstract":"<jats:p>The authors propose in this paper an on-line algorithm based on Bloom filters to detect port scan attacks in IP traffic. Only relevant information about destination IP addresses and destination ports are stored in two steps in a two-dimensional Bloom filter. This algorithm can be indefinitely performed on a real traffic stream thanks to a new adaptive refreshing scheme that closely follows traffic variations. It is a scalable algorithm able to deal with IP traffic at a very high bit rate thanks to the use of hashing functions over a sliding window. Moreover it does not need any a priori knowledge about traffic characteristics. When tested against real IP traffic, the proposed on-line algorithm performs well in the sense that it detects all the port scan attacks within a very short response time of only 10 seconds without any false positive.<\/jats:p>","DOI":"10.4018\/ijsse.2014010104","type":"journal-article","created":{"date-parts":[[2014,6,17]],"date-time":"2014-06-17T14:03:29Z","timestamp":1403013809000},"page":"61-74","source":"Crossref","is-referenced-by-count":0,"title":["Improving the Detection of On-Line Vertical Port Scan in IP Traffic"],"prefix":"10.4018","volume":"5","author":[{"given":"Christine","family":"Fricker","sequence":"first","affiliation":[{"name":"INRIA, Le Chesnay, France"}]},{"given":"Philippe","family":"Robert","sequence":"additional","affiliation":[{"name":"INRIA, Le Chesnay, France"}]},{"given":"Yousra","family":"Chabchoub","sequence":"additional","affiliation":[{"name":"ISEP, Paris, France"}]}],"member":"2432","reference":[{"doi-asserted-by":"publisher","key":"ijsse.2014010104-0","DOI":"10.1145\/362686.362692"},{"unstructured":"Bratbergsengen, K. (1984). Hashing methods and relational algebra operations. In Proceedings of the Tenth International Conference on Very Large Data Base (pp. 323-333).","key":"ijsse.2014010104-1"},{"unstructured":"Chabchoub, Y., Fricker, C., & Mohamed, H. (2009). Analysis of a Bloom Filter algorithm via the supermarket model. In Proceedings of the International Teletraffic Congress\u201909 (pp. 1-8).","key":"ijsse.2014010104-2"},{"doi-asserted-by":"crossref","unstructured":"Dabbagh, M., Ghandour, A., Fawaz, K., Hajj, W., & Hajj, H. (2011). Slow port scanning detection. In Proceedings of the 7th conference on Information Assurance and Security (IAS) (pp. 128-133).","key":"ijsse.2014010104-3","DOI":"10.1109\/ISIAS.2011.6122824"},{"year":"1999","author":"M.Devivo","journal-title":"A review of port scanning techniques","key":"ijsse.2014010104-4"},{"doi-asserted-by":"crossref","unstructured":"Dilip, D. K., Feng, W. C., Shin, K. G., & Saha, D. (2001) Stochastic fair blue: A queue management algorithm for enforcing fairness. In Proceedings of the Twentieth Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM-01) (vol. 3, pp. 1520-1529).","key":"ijsse.2014010104-5","DOI":"10.1109\/INFCOM.2001.916648"},{"unstructured":"Druschel, P., & Rowstron, A. (2001). Storage management and caching in past, a large-scale, persistent peer-to-peer storage utility. In Proceedings of the Eighteenth ACM Symposium on Operations Systems Principles (pp. 188-201).","key":"ijsse.2014010104-6"},{"doi-asserted-by":"crossref","unstructured":"Estan, C., & Varghese, G. (2002). New directions in traffic measurement and accounting. In Proceedings of the ACM 2002 SIGCOMM.","key":"ijsse.2014010104-7","DOI":"10.1145\/633025.633056"},{"doi-asserted-by":"publisher","key":"ijsse.2014010104-8","DOI":"10.1109\/90.851975"},{"doi-asserted-by":"crossref","unstructured":"Flajolet, P., Fusy, E., Gandouet, O., & Meunier, F. (2007). Hyperloglog: The analysis of a near-optimal cardinality estimation algorithm. In Proceedings of the 13th Conference on Analysis of Algorithm (AofA 07) (pp. 127-146).","key":"ijsse.2014010104-9","DOI":"10.46298\/dmtcs.3545"},{"doi-asserted-by":"publisher","key":"ijsse.2014010104-10","DOI":"10.1016\/0022-0000(85)90041-8"},{"unstructured":"Foundstone. (n.d.). A division of McAfee superscan. Retrieved from http:\/\/www.foundstone.com\/us\/resources\/proddesc\/superscan.htm.","key":"ijsse.2014010104-11"},{"doi-asserted-by":"crossref","unstructured":"Giroire, F., & Fusy, E. (2007) Estimating the number of active flows in a data stream over a sliding window. In D. Applegate, (Ed.), Proceedings of the Fourth Workshop on Analytic Algorithmics and Combinatorics (ANALC0) (pp. 223-231). SIAM.","key":"ijsse.2014010104-12","DOI":"10.1137\/1.9781611972979.9"},{"doi-asserted-by":"crossref","unstructured":"Gronvall, B. (2002). Scalable multicast forwarding. In Proceedings of the ACM 2002 SIGCOMM Conference.","key":"ijsse.2014010104-13","DOI":"10.1145\/510726.510742"},{"doi-asserted-by":"crossref","unstructured":"Heberlein, T., Dias, G., Levitt, K., Mukherjee, B., Wood, J., & Wolber, D. (1990). A network security monitor. In Proceedings of RISP90.","key":"ijsse.2014010104-14","DOI":"10.1109\/RISP.1990.63859"},{"doi-asserted-by":"publisher","key":"ijsse.2014010104-15","DOI":"10.1109\/TCOM.1982.1095395"},{"key":"ijsse.2014010104-16","article-title":"Surveying port scans and their detection methodologies.","author":"H.Monowar","year":"2010","journal-title":"The Computer Journal"},{"doi-asserted-by":"publisher","key":"ijsse.2014010104-17","DOI":"10.1109\/32.52778"},{"doi-asserted-by":"publisher","key":"ijsse.2014010104-18","DOI":"10.1002\/spe.4380200607"},{"unstructured":"Nessus: Tenable network security inc. (n.d.). Columbia. nessus. Retrieved from http:\/\/www.nessus.org\/nessus\/","key":"ijsse.2014010104-19"},{"unstructured":"Nmap. (n.d.). Retrieved from http:\/\/nmap.org","key":"ijsse.2014010104-20"},{"doi-asserted-by":"crossref","unstructured":"Robertson, S., Siegel, E. V., Miller, M., & Stolfo, S. J. (2003). Surveillance detection in high bandwidth environments. In Proceeding of the 3rd DARPA Information Survivability Conference and Exposition (DISCEX-III).","key":"ijsse.2014010104-21","DOI":"10.1109\/DISCEX.2003.1194879"},{"unstructured":"Roesch, M. (1999) Snort-lightweight intrusion detection for networks. In Proceedings of LISA99, Seattle, WA.","key":"ijsse.2014010104-22"},{"key":"ijsse.2014010104-23","doi-asserted-by":"crossref","first-page":"105","DOI":"10.3233\/JCS-2002-101-205","article-title":"Practical automated detection of stealthy portscans. Journal of.","volume":"10","author":"S.Staniford","year":"2002","journal-title":"Computers & Security"},{"doi-asserted-by":"crossref","unstructured":"Stoica, I., Morris, R., Karger, D., Kaashoek, M. F., & Balakrishnan, H. (2001). Chord: A scalable peer-to-peer lookup service for internet applications. ACM SIGCOMM Computer Communication Review (Proceedings of the ACM 2001 SIGCOMM Conference), 31(4), 149-160.","key":"ijsse.2014010104-24","DOI":"10.1145\/383059.383071"},{"doi-asserted-by":"crossref","unstructured":"Whitaker, A., & Wetherall, D. (2002). Forwarding without loops in Icarus. In Proceedings of the Fifth IEEE Conference on Open Architectures and Network Programming (OPENARCH) (pp. 63-75).","key":"ijsse.2014010104-25","DOI":"10.1109\/OPNARC.2002.1019229"}],"container-title":["International Journal of Secure Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=109581","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,3]],"date-time":"2025-05-03T10:50:21Z","timestamp":1746269421000},"score":1,"resource":{"primary":{"URL":"http:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/ijsse.2014010104"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2014,1]]},"references-count":26,"journal-issue":{"issue":"1"},"URL":"https:\/\/doi.org\/10.4018\/ijsse.2014010104","relation":{},"ISSN":["1947-3036","1947-3044"],"issn-type":[{"type":"print","value":"1947-3036"},{"type":"electronic","value":"1947-3044"}],"subject":[],"published":{"date-parts":[[2014,1]]}}}