Port Scans: Real Numbers, Real Networks

Carrie Gates - Carnegie Mellon University

Nov 12, 2003


Port scans have traditionally received little attention in the research
literature. It is widely assumed that port scans are very common, yet there
are no studies quantifying this belief, nor is there a single agreed-upon
definition of what constitutes a port scan. Current detection methods,
including both anomaly analysis and thresholding schemes, are also widely
assumed to be sufficient for detecting port scans. Yet no studies have
determined what appropriate thresholds are, nor how well these or the
anomaly detection methods work. In this talk, I will introduce a new
research effort underway at the CERT Analysis Center that has the aim of
detecting both single-source and distributed port scans. Some initial
results from applying this new method of scan detection to the network logs
of a large organization will be presented, quantifying the amount and type
of scanning activity occurring. Finally, we will discuss some of the open
research issues still to be solved in this area, and conclude with setting
port scans in a larger research framework.
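The abstract contrasts single-source and distributed scans and notes that thresholding schemes lack validated thresholds. The following added example (not part of the talk or of the CERT Analysis Center's method) illustrates both points on a constructed set of flow records: a per-source threshold catches a host sweeping one target, misses ten hosts that each probe only two ports of the same target, and starts flagging an ordinary client as soon as the threshold is set low. The IP addresses, ports and threshold values are all assumptions invented for the illustration.

```python
from collections import defaultdict

# Constructed sample flow records: (source IP, destination IP, destination port).
# These values are invented for illustration and do not come from any real log.
SAMPLE_FLOWS = [
    # Ordinary client traffic: one host talks to a web server and a mail server.
    ("10.0.0.5", "192.0.2.10", 80),
    ("10.0.0.5", "192.0.2.10", 443),
    ("10.0.0.5", "192.0.2.20", 25),
    # Single-source scan: one host sweeps ports 20..39 on one target.
    *[("198.51.100.7", "192.0.2.10", p) for p in range(20, 40)],
    # Distributed scan: ten hosts each probe two ports of the same target,
    # together covering ports 100..119, so every host stays below a per-source threshold.
    *[(f"203.0.113.{i}", "192.0.2.30", 100 + 2 * i + k)
      for i in range(10) for k in range(2)],
]


def pairs_per_source(flows):
    """Distinct (destination, port) pairs contacted by each source address."""
    pairs = defaultdict(set)
    for src, dst, dport in flows:
        pairs[src].add((dst, dport))
    return pairs


def detect_single_source(flows, threshold):
    """Classic thresholding: flag a source that contacts more than
    `threshold` distinct (destination, port) pairs."""
    per_src = pairs_per_source(flows)
    return sorted(src for src, pairs in per_src.items() if len(pairs) > threshold)


def detect_distributed(flows, threshold):
    """Aggregate by target instead of by source: flag a destination when the
    union of ports probed against it, across all sources, exceeds `threshold`.
    Returns (destination, distinct ports seen, distinct sources seen)."""
    ports_per_dst = defaultdict(set)
    srcs_per_dst = defaultdict(set)
    for src, dst, dport in flows:
        ports_per_dst[dst].add(dport)
        srcs_per_dst[dst].add(src)
    return sorted(
        (dst, len(ports), len(srcs_per_dst[dst]))
        for dst, ports in ports_per_dst.items()
        if len(ports) > threshold
    )


if __name__ == "__main__":
    # A per-source threshold of 5 catches only the single-source sweep.
    print("per-source, threshold 5:", detect_single_source(SAMPLE_FLOWS, 5))
    # Lowering it to 2 also flags the ordinary client: threshold choice matters.
    print("per-source, threshold 2:", detect_single_source(SAMPLE_FLOWS, 2))
    # Aggregating by target exposes the ten-host distributed scan as well.
    print("per-target, threshold 5:", detect_distributed(SAMPLE_FLOWS, 5))
```

The per-target view reports 192.0.2.30 with twenty distinct ports from ten sources, none of which individually crossed the per-source threshold; that gap between the two views is what a distributed-scan detector has to close, and the second per-source run shows why the threshold itself needs empirical justification rather than a guessed value.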

About the Speaker

Carrie Gates is a visiting scientist with the CERT Analysis Center at the
Software Engineering Institute, Carnegie Mellon University, where she is
working on her PhD dissertation in the area of distributed port scanning.
She has received numerous scholarships, including the IBM Scholars PhD
Fellowship, awarded in 2003. She holds an M.Sc. degree in Computer Science,
and has nearly 10 years of professional experience in the information
technology industry, including private industry, government, not-for-profit
organizations and academia. Most recently, she was the Systems Manager for
the Faculty of Computer Science at Dalhousie University, where she developed
her interest in network and system security.

