Collaborative Inter-domain Stealthy Port Scan Detection Using Esper Complex Event Processing
Collaborative Financial Infrastructure Protection: Tools, Abstractions, and Middleware, 2012
Abstract
This chapter describes a specific instance of a Semantic Room (SR) that uses the well-known centralized complex event processing engine Esper to detect inter-domain malicious port scan activities. The Esper engine is deployed by the SR administrator and correlates a massive amount of network traffic data exhibiting evidence of distributed port scans. The chapter presents two inter-domain SYN scan detection algorithms that have been designed and implemented in Esper and then ...
Leonardo Aniello hasn't uploaded this paper.