Abstract

Researchers have done lots of work in scan attack detection. Various methods have been proposed. Although these methods can defense some scan attacks from hackers in some degree, there are lots of missing detections and false alerts. Especially current intrusion detection systems are difficult to satisfy the demand of large-scale distributed network. After we carefully research on network topological architecture and scan attack method and mechanism, we find that scan attack always happened at network layer and transport layer. Then we propose a scan detection method based on distributed cooperative model. It is composed of feature-based detection, scenario-based detection and statistic-based detection. The experiment results show that this method has obvious advantages. It can efficiently detect more scan attacks.