AOCD: An Adaptive Outlier Based Coordinated Scan Detection Approach
Coordinated attacks are distributed in nature because they attempt to compromise a target machine from multiple sources. It is important for network defenders and administrators to detect coordinated scans as possible preliminaries to more serious attacks. However, it is very difficult to detect malicious scans based on port-specific behavior alone. In this paper, the authors present an Adaptive Outlier based approach for Coordinated scan Detection (AOCD) that detects such scans at an early stage with high accuracy. It is an adaptive network anomaly detection approach based on outlier scores that considers sets of normal instances during training. The authors use both normal and port scan instances for testing.