Paper Title
Scanning Computer Networks Evaluation of Capabilities of Scan Detection and Detection Evasion

Attacks and intrusions in computer networks are topics of permanent interest. Every day new attacks appear, countermeasures are generated for them, and new techniques are developed to evade the countermeasures. The research to develop new mechanisms for intrusion detection is very intense, as is the research to create new methods to evade the detection mechanisms. Generally, the attacks have several phases, of which the initial phase of network scanning is particularly important. The main objective of this phase is to discover the computers of the network and obtain useful information about them. This work presents a method to evaluate the maximum capability of a Network Intrusion Detection System (NIDS) to detect scanning, and complementarily, the capability of a scanner to evade the surveillance of a NIDS. The evaluation is carried out while the network is operating normally, and the method allows to determine the maximum (optimal) detection capability, when the NIDS only process the scanning traffic. The method has been tested in several sub-networks of a university, using Snort as NIDS and Nmap as scanner. The results obtained are documented in the article. Index Terms— Network Scanning, Intrusion Detection Systems, Scan Detection, Scan Profiles, Detection Capability Evaluation.