CERIAS - Center for Education and Research in Information Assurance and Security


Port Scans: Real Numbers, Real Networks

Carrie Gates - Carnegie Mellon University

Nov 12, 2003


Port scans have traditionally received little attention in the research
literature. It is widely assumed that port scans are very common, yet there
are no studies quantifying this belief, nor is there a single agreed-upon
definition of what constitutes a port scan. Current detection methods,
including both anomaly analysis and thresholding schemes, are also widely
assumed to be sufficient for detecting port scans. Yet no studies have
determined what are appropriate thresholds, nor how well these or the
anomaly detection methods work. In this talk, I will introduce a new
research effort underway at the CERT Analysis Center that has the aim of
detecting both single-source and distributed port scans. Some initial
results from applying this new method of scan detection to the network logs
of a large organization will be presented, quantifying the amount and type
of scanning activity occurring. Finally, we will discuss some of the open
research issues still to be solved in this area, and conclude with setting
port scans in a larger research framework.

About the Speaker

Carrie Gates is a visiting scientist with the CERT Analysis Center at the
Software Engineering Institute, Carnegie Mellon University, where she is
working on her PhD dissertation in the area of distributed port scanning.
She has received numerous scholarships, including the IBM Scholars PhD
Fellowship, awarded in 2003. She holds an M.Sc. degree in Computer Science,
and has nearly 10 years of professional experience in the information
technology industry, including private industry, government, not-for-profit
organizations and academia. Most recently, she was the Systems Manager for
the Faculty of Computer Science at Dalhousie University, where she developed
her interest in network and system security.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30 P.M. in STEW G52 (Suite 050B), West Lafayette Campus.

