Propose Approach for UDP Random and Sequential Scanning Detection Based on the Connection Failure Messages


Abstract


Network scanning is usually launched by attackers to explore and gather information about the target network. This information may include the network topology and the services running on the network; based on the gathered information, the attacker plans an attack to gain access to the target network. Attackers sometimes scan the target network with no previous knowledge of the active services or hosts in it, which generates a high ratio of connection failure messages in the form of ICMP type 3 code 3 packets (port unreachable) and ICMP type 3 code 1 packets (host unreachable). This paper proposes an approach for detecting random and sequential UDP scanning based on the connection failure messages.
Copyright © 2013 Praise Worthy Prize - All rights reserved.

Keywords


Network Scanning; Connection Failure; UDP Random Scanning; UDP Sequential Scanning
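
The idea in the abstract, sketched as an added example that is not the paper's algorithm: ICMP type 3 failures are counted per originating source, and the order of the probed ports or hosts separates a sequential sweep from a random one. The record format, both thresholds and the "+1 step" test are assumptions made for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address

# Assumed thresholds (not from the paper): minimum failures before a source
# is flagged, and the share of +1 steps that counts as a sequential sweep.
MIN_FAILURES = 8
SEQ_SHARE = 0.8

def classify_sources(failures):
    """failures: iterable of (orig_src, orig_dst, orig_dport, icmp_code) read
    from the datagram header quoted inside ICMP type 3 messages, in arrival
    order. Code 3 = port unreachable, code 1 = host unreachable.
    Returns {src: 'sequential' | 'random'} for flagged sources only."""
    per_src = defaultdict(list)
    for src, dst, dport, code in failures:
        if code == 3:    # closed UDP port on a live host: track the port
            per_src[src].append(("port", dst, dport))
        elif code == 1:  # no such host: track the probed address
            per_src[src].append(("host", None, int(ip_address(dst))))
    verdicts = {}
    for src, probes in per_src.items():
        if len(probes) < MIN_FAILURES:
            continue     # a handful of failures is ordinary background noise
        steps = sum(
            1
            for (k1, h1, v1), (k2, h2, v2) in zip(probes, probes[1:])
            if k1 == k2 and h1 == h2 and v2 - v1 == 1
        )
        share = steps / (len(probes) - 1)
        verdicts[src] = "sequential" if share >= SEQ_SHARE else "random"
    return verdicts

# Constructed sample records (RFC 5737 documentation addresses).
SAMPLE = (
    [("198.51.100.7", "192.0.2.10", p, 3) for p in range(1000, 1012)]
    + [("198.51.100.9", "192.0.2.10", p, 3)
       for p in (53211, 161, 40012, 7, 9999, 1434, 520, 33434, 69, 5060)]
    + [("198.51.100.20", f"192.0.2.{h}", 53, 1) for h in range(50, 60)]
    + [("192.0.2.77", "192.0.2.10", 514, 3)] * 3  # benign: below threshold
)

if __name__ == "__main__":
    for src, kind in classify_sources(SAMPLE).items():
        print(src, kind)
```
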


