Paper Title :Scanning Computer Networks Evaluation of Capabilities of Scan Detection and Detection Evasion
Author :Daniel F. Garcia, Adrian Fernandez
Article Citation :Daniel F. Garcia ,Adrian Fernandez ,
(2016 ) " Scanning Computer Networks Evaluation of Capabilities of Scan Detection and Detection Evasion " ,
International Journal of Advance Computational Engineering and Networking (IJACEN) ,
pp. 58-63,
Volume-4, Issue-10
Abstract : Attacks and intrusions in computer networks are topics of permanent interest. Every day new attacks appear,
countermeasures are generated for them, and new techniques are developed to evade the countermeasures. The research to
develop new mechanisms for intrusion detection is very intense, as is the research to create new methods to evade the detection
mechanisms. Generally, the attacks have several phases, of which the initial phase of network scanning is particularly
important. The main objective of this phase is to discover the computers of the network and obtain useful information about
them. This work presents a method to evaluate the maximum capability of a Network Intrusion Detection System (NIDS) to
detect scanning, and complementarily, the capability of a scanner to evade the surveillance of a NIDS. The evaluation is carried
out while the network is operating normally, and the method allows to determine the maximum (optimal) detection capability,
when the NIDS only process the scanning traffic. The method has been tested in several sub-networks of a university, using
Snort as NIDS and Nmap as scanner. The results obtained are documented in the article.
Index Terms— Network Scanning, Intrusion Detection Systems, Scan Detection, Scan Profiles, Detection Capability
Evaluation.
Type : Research paper
Published : Volume-4, Issue-10
DOIONLINE NO - IJACEN-IRAJ-DOIONLINE-5930
View Here
Copyright: © Institute of Research and Journals
|
|
| |
|
PDF |
| |
Viewed - 59 |
| |
Published on 2016-11-07 |
|