Computer networks, such as those utilizing the Internet Protocol (“IP”), are subject to security violations. These security violations can include activities such as reconnaissance, exploits, denial of service (“DoS”), and misuse of the network. In the case of exploits, DoS attacks, and misuse, the security violations are often detected only after they have begun. By the time the security violations are detected, damage (e.g., slowed traffic, corrupted data, stolen data, etc.) may have already occurred.
It is desirable, therefore, to detect security violations as early as possible. One method of doing this is to detect reconnaissance (i.e., scanning) attacks, which are often a precursor to the other types of security violations. Detecting the scanning attacks allows the other types of security violations to be anticipated and preventative measures to be taken. Accordingly, there is a need for a method of detecting the scanning attacks reliably and accurately.