1. Field of the Invention
Embodiments of the present invention generally relate to telecommunications systems and, more particularly, to a method and apparatus for detecting scans in a stream of data packets over a network.
2. Description of the Related Art
Reconnaissance or scanning typically serves as an initial indication of network intrusion: Whether scanning is conducted automatically by a worm or manually by a hacker, the ultimate goal is to gather information regarding the vulnerabilities of the network or associated machines. Thus, although not harmful in itself, a scan may lead to more destructive attacks or be indicative of potentially dangerous activity. Consequently, the detection of scans may serve as an effective method for early detection of various attacks (e.g., worms) or potential attacks (e.g., BotNets).
Thus, there is a need in the art for a method and apparatus for detecting scans.