Detecting Port Scan Attacks Using Logistic Regression

Port scanning attack is a common cyber-attack where an attacker directs packets with diverse port numbers to scan accessible services aiming to discover open/weak ports in a network. Hence, several detection/prevention techniques were developed to frustrate such cyber-attacks. In this paper, we propose a new inclusive discovery scheme that evaluate five supervised machine learning classifiers, including logistic regression, decision trees, linear/quadratic discriminant, naïve Bayes, and ensemble boosted trees. We compared the performance of these models via detection accuracy using a contemporary dataset for port scanning attacks (PSA-2017). As a result, the best performance results have recorded for logistic regression based detection scheme with 99.4%, 99.9%, 99.4%, 99.7%, and 0.454 µSec registered for accuracy, precision, recall, F-score, and detection overhead. Lastly, the comparison with existing models exhibited the proficiency and advantage of our model with enhanced attack discovery speed.