Combating TCP Port Scan Attacks Using Sequential Neural Networks

Title: Combating TCP Port Scan Attacks Using Sequential Neural Networks
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Hartpence, B., Kwasinski, A.
Conference Name: 2020 International Conference on Computing, Networking and Communications (ICNC)
Date Published: Feb. 2020
ISBN Number: 978-1-7281-4905-9
Keywords: attack reconnaissance tool, classification, Communication networks, complex TCP classes, computer network security, general packetized traffic, learning (artificial intelligence), Network reconnaissance, neural nets, Neural networks, NMAP scan pcap files, port scans, pubcrawl, resilience, Resiliency, Scalability, sequential neural networks, TCP datagrams, TCP packet, TCP port scan attacks, telecommunication traffic, transport protocols

Port scans are a persistent problem on contemporary communication networks. Typically used as an attack reconnaissance tool, they can also create problems with application performance and throughput. This paper describes an architecture that deploys sequential neural networks (NNs) to classify packets, separate TCP datagrams, determine the type of TCP packet and detect port scans. Sequential networks allow this lengthy task to learn from the current environment and to be broken up into component parts. Following classification, analysis is performed in order to discover scan attempts. We show that neural networks can be used to successfully classify general packetized traffic at recognition rates above 99% and more complex TCP classes at rates that are also above 99%. We demonstrate that this specific communications task can successfully be broken up into smaller workloads. When tested against actual NMAP scan pcap files, this model successfully discovers open ports and the scan attempts with the same high percentage and low false positives.

Citation Key: hartpence_combating_2020