In order to protect ICT systems against remote attacks and exploitation, insight into which systems are targeted is necessary as soon as possible. Given the lack of advance information, current network-based attack detection and mitigation techniques, such as virus scanners or intrusion prevention systems, are typically aimed at countering delivery and exploitation. This paper presents a novel approach capable of detecting threats while they scan a local network for potential targets, even before an intrusion attack has been made. This allows the defender to single out scan traffic and selectively deny access to an attacker performing reconnaissance while maintaining availability for other users. We implement a proof-of-concept on commodity graphics cards, and demonstrate fast prediction of scanner behavior on a /16 network telescope.