Embedded Port Scanner (EPSS) System Using Linux and Single Board Computer
All content following this page was uploaded by Ghossoon M. Waleed on 07 November 2014.
Authorized licensed use limited to: Universiti Malaysia Perlis. Downloaded on June 30, 2009 at 01:01 from IEEE Xplore. Restrictions apply.
and prevent their further damage, many networks employ Network Intrusion Detection Systems (NIDS) at network entrances. One of the popular methods for finding susceptible hosts is port scanning. Port scanning can be defined as "hostile Internet searches for open 'doors', or ports, through which intruders gain access to computers" [8]. Port scanning can be used for a wide variety of applications, including network mapping, service discovery and security scanning. The network administrator uses the port scanning technique to determine what network-aware applications are running on the network. The security consultant uses the port scanning technique to find potential security issues and violations [9].

The remainder of this paper is organized as follows: Section 2 describes the port scanning activity and detection methods. Section 3 describes the overall system overview. Architecture of the system is described in Section 4. Section 5 describes the embedded system TS-5500. Section 6 summarizes the results and performance of the new system. Lastly, Section 7 provides the conclusion.

2. RELATED WORK

Port scanning is a technique for discovering a host's weaknesses by sending port probes. Although sometimes used by system administrators for network exploration, port scanning generally refers to scans carried out by malicious users seeking out network vulnerabilities. The negative effects of port scans are numerous and range from wasting resources, to congesting the network, to enabling future, more serious attacks. There is a plethora of tools that aim to determine a system's weaknesses and determine the best method for an attack. The best known and documented tool is nmap by Fyodor [10]. Nmap uses a variety of active probing techniques and changes the packet probe options to determine a host's operating system. Nmap offers its users the ability to randomize destination IPs and change the order of timing between packets.

Several port scan detection mechanisms have been developed and are commonly included as part of intrusion detection systems. However, many of the detectors are easy to evade since they use simple rules that classify a port scan as more than X distinct probes within Y seconds from a single source. Typically, the length of Y is severely limited to keep the amount of state manageable. Spice, a tool developed at Silicon Defense, tries to avoid this drawback. Spice maintains records of event likelihood, from which it generates anomalousness scores, which are stored longer, while state for unsuspicious packets is safely discarded. This heuristic allows Spice to detect stealthy port scans while still being operationally practical. Another approach is employed by Vern Paxson in Bro and emphasizes real time performance and notification, as well as clear separation between mechanism and policy [11].

3. SYSTEM ARCHITECTURE

A. Overview (EPSS)

This system is called the Embedded Port Scanner System (EPSS), which is used for network security (Network Intrusion Detection) purposes. Figure 1 shows an overview of the Embedded Port Scanner System. Efficiency of size, weight, cost, interchangeability, and consistency are the major factors [12] which lead to the selection of an embedded PC as the hardware platform for the system. The embedded PC standard, a commonly-used robotic development platform [13][14], specifies a main board of approximately 4 by 4 inches that houses a processor, memory and the basic chipset needed to function as a standalone embedded computer capable of functioning with only a separate power supply and whatever outside input or output devices the application calls for. The embedded PC allows the use of 802.11b (Wi-Fi) and wired Ethernet, which provide a high-speed two way communication link between the system and the PC Database Server.

The embedded PC itself is portable and can be used for various purposes such as a network based identification system on human faces, a robot vision platform and an embedded web server. Utilizing a Linux based embedded PC allows us to make use of the availability of open source resources such as libraries, kernels and drivers in developing and implementing this system. The embedded PC comes with the TS-Linux OS, which also includes the TCP/IP network protocol. This allows network centric applications to be easily developed and implemented. It can also perform the verification comparison internally if the user database is available on the embedded PC. This is useful if the size of the user database is small, and it will not involve any communication with external databases. The only issue is the speed of the processing of the verification, which is slow compared to the network based one due to the low processing speed of the embedded PC. However, this can be improved by using high speed embedded PC boards.
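The threshold rule described in Section 2 (more than X distinct probes within Y seconds from a single source), written out as an added example in C; it is not code from the paper or from the EPSS source. The values of X and Y, the table sizes, the function names and the replayed traffic are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define X_PORTS   5   /* assumed threshold X: alert above 5 distinct ports */
#define Y_SECONDS 10  /* assumed window Y, kept short to bound state */
#define MAX_SRC   64  /* sources tracked at once */
#define MAX_PROBE 32  /* probes remembered per source */
struct probe  { uint32_t t; uint16_t port; };
struct source { uint32_t ip; int n; struct probe p[MAX_PROBE]; };
static struct source table[MAX_SRC];
static int nsrc;

/* Record one probe (timestamps must be non-decreasing per source).
   Returns 1 when the source has hit more than X distinct ports within Y seconds. */
int observe(uint32_t ip, uint16_t port, uint32_t now)
{
    struct source *s = NULL;
    for (int i = 0; i < nsrc; i++)
        if (table[i].ip == ip) { s = &table[i]; break; }
    if (!s) {
        if (nsrc == MAX_SRC) return 0;   /* table full: this source goes untracked */
        s = &table[nsrc++];
        s->ip = ip; s->n = 0;
    }
    int k = 0;  /* keep probes still inside the window, minus any repeat of this port */
    for (int i = 0; i < s->n; i++)
        if (now - s->p[i].t < Y_SECONDS && s->p[i].port != port)
            s->p[k++] = s->p[i];
    if (k == MAX_PROBE)                  /* per-source state full: forget the oldest */
        memmove(s->p, s->p + 1, --k * sizeof s->p[0]);
    s->p[k] = (struct probe){ now, port };
    s->n = k + 1;                        /* n == distinct ports seen in the window */
    return s->n > X_PORTS;
}

/* Constructed traffic: `count` probes to consecutive ports, `gap` seconds apart. */
int replay(uint32_t ip, int count, uint32_t gap)
{
    int alerts = 0;
    for (int i = 0; i < count; i++)
        alerts += observe(ip, (uint16_t)(1000 + i), (uint32_t)i * gap);
    return alerts;
}

int main(void)
{
    printf("1 s gap: %d alerts\n", replay(0x0A000001u, 20, 1));
    printf("3 s gap: %d alerts\n", replay(0x0A000002u, 20, 3));
    return 0;
}
```

With these values the 1-second sweep raises an alert from the sixth probe on, while the same 20 ports probed 3 seconds apart never exceed the threshold. That is the blind spot a short Y creates, and the reason Spice retains state for suspicious events longer.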
The software code is portable to a desktop system for integration with other software components such as Internet network security (IDS/IPS) software. A keypad module is required in order to perform the task. The software code is also portable to a small embedded system without the need for the specific 32-bit embedded PC or a 32-bit embedded PC based system. The software works on any platform to which the Linux kernel has been ported. The software code is written to work regardless of any limitation of the hardware platform, such as slow processing speed.
[Figure: system components: Port Scan (active reconnaissance) and Packet Sniff (passive reconnaissance)]
Developing EPS for Intrusion Detection has the benefit that the system modules are natively more secure with substantially good system performance. In addition, a lot of legacy C library code can be easily ported. The experiment presents the performance of the new Embedded Port Scan System (EPSS). The performance of the new system is tested by comparing the CPU status and memory use before executing the program and at the time of execution. Total memory of the new system is 62684 k. The new source code total file size is 6.0k and the
Port Scanning System would be utilized for network security purposes, and this will help to generate better network intrusion detection systems (port scanning) and increase network security with embedded systems. The implemented Embedded Port Scanner System can provide small-size, low-priced equipment.

REFERENCES

[1] J. P. Anderson, "Computer Security Threat Monitoring and Surveillance", Fort Washington, PA, Apr. 1980. Seminal paper on the use of auditing and logging for security.
[2] J. Allen, A. Christie, W. Fithen, J. McHugh, J. Pickel and E. Stoner, "State of the Practice of Intrusion Detection Technologies", CMU/SEI-99-TR-028, Jan. 2000.
[3] Eivind Naess, Deborah A. Frincke, A. David McKinnon, David E. Bakken. "In Proceedings 25th International Conference on Distributed Computing System Workshops (ICDCSW'05)", IEEE, 2005.
[4] Jichiang Tsai, Chung-Hsin Feng, and Chuyuan Tsai, TENCON 2006, IEEE Region 10 Conference, 14-17 Nov. 2006, page(s): 1-4.
[5] TS-5500 PC/104 SBC with AMD 586 Processor. Citing Internet Source, URL http://www.embeddedarm.com/epc/ts5500-spec-h.html
[6] S. Staniford, "Containment of Scanning Worms in Enterprise Networks", IEEE, INFOCOM, 2002.
[7] N. Weaver, V. Paxson and S. Staniford, "A Taxonomy of Computer Worms", ACM Workshop of Rapid Malcode, 2003.
[8] Agenda and Work Plan. Computer Security Incident Response Team (CSIRT), Florida State University. http://www.security.fsu.edu/csirt mtg
[9] M. D. Schiffman. "Building Open Source Network Security Tools Components and Technique". Wiley Publishing, Inc. ISBN 0-471-20544-3. pp 217-218.
[10] Fyodor. http://www.insecure.org/nmap
[11] V. Paxson. Bro. "A System for Detecting Network Intruders in Real-Time". ftp://ftp.ee.lbl.gov/papers/bro-CN99

International Society for Optical Engineering, 1999, pp 122-133.