Combating TCP Port Scan

Attacks Using Sequential Neur

Networks
R e d d y Ve n k a t a K a r t h i k
P A B B A T H I P AV A N G A N E S H
Bolikonda Ganesh Naidu
Ya r a m a l a S a i P r u d h v i r e d d y

Under the guidance

Prof. Shiva Kumar sir

Stage 2 – Project Presentation

Date:27/03/2023
 Abstract
 Introduction

 Problem Identification
 Objectives
 Domain Area
• Technology and Domain
• Dataset, Tools (Front End and Back End)
• Budget

 Reference

2
ABSTRACT

Port scans are a significant problem in contemporary communication networks,

leading to issues with application performance and throughput. In addition to being
used for reconnaissance attacks, they can cause significant disruptions to network
traffic. This paper proposes a novel architecture that leverages sequential neural
networks to classify packets and detect port scans. Sequential networks enable the
model to learn from the current environment and break down the task into smaller
components. Our results demonstrate that neural networks can successfully classify
general packetized traffic and more complex TCP classes with recognition rates above
99%. Furthermore, our model successfully detects open ports and scan attempts with
low false positives when tested against actual NMAP scan pcap files. This paper
demonstrates the effectiveness of neural networks in identifying and mitigating port
scan attacks, making it a valuable tool for network security.
INTRODUCTION

1. Background
2. Motivation
3. Problem Identification
4. Research Objectives
 INTRODUCTION
BACKGROUND: The text provides background information about a study that aims to detect
TCP port scans using neural networks. The authors describe their approach, which involves
training two neural networks: one to classify general packet categories and another to classify
TCP messages. The TCP classifier is specifically designed to detect TCP port scans by
analyzing flag patterns in the TCP messages. The authors provide details on the architecture
of the neural networks, the datasets used for training and testing, and the evaluation metrics
used to assess the accuracy of the classifiers. The authors also discuss some of the
challenges associated with detecting TCP port scans and highlight the benefits of using
neural networks compared to rule-based approaches.
PROBLEM :The problem is that TCP port scan attacks can compromise computer systems by identifying
vulnerabilities and allowing attackers to gain unauthorized access. Current methods for detecting port
scan attacks are often inefficient or require significant resources.
The solution proposed in this paper is to use sequential neural networks, which can analyze network
traffic in real-time and identify patterns associated with port scan attacks. By using this approach,
network administrators can quickly detect and respond to port scan attacks, reducing the risk of a
successful cyberattack.
MOTIVATION:

1. The motivation behind the development of a solution for combating TCP port scan attacks using
sequential neural networks is to address the increasing threat of cyber attacks on computer
networks. TCP port scan attacks are one of the most common types of attacks, and they can be used
to gather information about vulnerable systems or launch more sophisticated attacks.
2. Traditional methods of detecting and preventing these attacks often rely on rule-based or signature-
based approaches, which can be limited in their ability to detect new and sophisticated attacks. This
is where the application of sequential neural networks can be beneficial, as they can analyze
network traffic in real-time and identify patterns that may indicate a port scan attack.
3. The development of a solution for combating TCP port scan attacks using sequential neural
networks can help to improve the security of computer networks and protect against cyber threats. It
can also provide a more automated and efficient approach to detecting and preventing attacks,
allowing for faster response times and reduced risk of damage to critical systems and data.
RESEARCH OBJECTIVES:

1. To investigate the effectiveness of sequential neural networks in detecting and

preventing TCP port scan attacks.
2. To evaluate the performance of different types of sequential neural networks for
detecting and preventing TCP port scan attacks.
3. To compare the effectiveness of sequential neural networks with traditional
methods of detecting and preventing TCP port scan attacks.
4. To propose a framework for implementing sequential neural networks in a real-
world TCP port scan detection and prevention system.
5. To assess the feasibility of implementing sequential neural networks in a real-
world TCP port scan detection and prevention system.
DOMAIN AREA

1. Technology and Domain

2. Dataset, Tools (Front End and Back End)
3. Budget
1. Technology and Domain: The technology used in the research paper "Combating
TCP Port Scan Attacks Using Sequential Neural Networks" is machine learning,
specifically sequential neural networks. The research falls under the domain of
cybersecurity, particularly in the area of network security. The study aims to
develop a system that can detect and prevent TCP port scan attacks on computer
networks using machine learning algorithms.
2. Dataset and Tools: The researchers used a publicly available dataset, the KDD Cup
1999 dataset, which contains network traffic data for intrusion detection system
(IDS) evaluation.
Tools:
• Python programming language was used for implementing the Sequential Neural
Network (SNN) model.
• The Keras library was used to build and train the SNN model.
• The TensorFlow library was used as the backend for the Keras library.
 • The TensorFlow library was used as the backend for the Keras library.
• Scikit-learn library was used for data preprocessing and feature selection.
• Front-end and back-end tools were not used as this is a research paper focused on
developing a machine learning model for TCP port scan attack detection and
prevention, and not on building a software application or web interface.

 Budget: The budget for a research project can depend on various factors such as the
scope of the project, resources required, equipment and materials needed,
personnel costs, and so on. It would be best to consult with a project manager or
research team to determine a suitable budget for a specific project.
METHODOLOGY:

• Data Collection: The first step is to collect data on TCP port scan attacks. This data
will be used to train the Sequential Neural Network (SNN) model. The dataset used
in this research will be the KDD Cup 1999 dataset, which is a widely used dataset
in the field of network intrusion detection.
• Preprocessing: The collected dataset will be preprocessed to remove any irrelevant
features and to normalize the data. This step is essential to ensure that the model
can learn from the data efficiently.
• Training: The preprocessed dataset will be used to train the SNN model. The
model will be trained using the backpropagation algorithm, which is a widely used
algorithm for training neural networks.
• Validation: After training, the model will be validated using a separate
dataset to ensure that it is performing accurately. The performance of the
model will be evaluated using various metrics such as accuracy, precision,
recall, and F1-score.
• Testing: The final step is to test the performance of the SNN model on a real-time
network. The model will be integrated into an intrusion detection system and will
be tested on various TCP port scan attacks.The performance of the model will be
compared with existing methods to evaluate its effectiveness.
The tools used in this research include Python for coding, TensorFlow and Keras for
developing the SNN model, and Scikit-learn for data preprocessing and validation.
The front-end of the intrusion detection system will be developed using a web-based
interface, while the back-end will be developed using Python and Flask.
The budget for this research will be allocated towards the cost of computing resources,
data storage, and software licenses.
EXPECTED OUTPUT
CONCLUSION :

TCP port scan attacks remain a significant threat to network security.

The proposed approach of using sequential neural networks to combat
such attacks is promising, as shown in the study. The methodology
involves preprocessing the data, training the model, and evaluating its
performance. The dataset used for training and testing the model is
critical in determining its accuracy and effectiveness in detecting and
preventing TCP port scan attacks. Overall, this study provides a valuable
contribution to the field of network security and can potentially be
further developed and improved in the future.
REFERENCES
• Seungwoon Lee, Sun-young Im, Seung-Hun Shin, Byeong-
hee Roh& Cheolho Lee(2016). Implementation and
vulnerability test of stealth port scanning attacks using
ZMap of censys engine
• Bruce Hartpence& Andres Kwasinski(2020). Combating
TCP Port Scan Attacks Using Sequential Neural Networks
• Rodney Rohrmann, Mark W. Patton& Hsinchun
Chen(2016) Anonymous port scanning: Performing
network reconnaissance through Tor