| 摘要 |
A method and apparatus for detecting scans are described. In one example, a plurality of flows is allocated into a plurality of bins associated with different source Internet protocol (SIP) addresses. A set of bin characteristics for at least one bin of the plurality of bins is generated if the at least one bin reaches a predefined flow capacity. Afterwards, the set of bin characteristics is compared to a scan characteristics list to determine if a potential scan exists.
|
