Practical automated detection of stealthy portscans
Abstract
Portscan detectors in network intrusion detection products are easy to evade. They classify a portscan as more than N distinct probes within M seconds from a single source. This paper begins with an analysis of the scan detection problem, and then presents Spice (Stealthy Probing and Intrusion Corr elation Engine), a portscan detector that is effective against stealthy scans yet operationally practical. Our design maintains records of event...
Paper Details
Title
Practical automated detection of stealthy portscans
Published Date
Jan 1, 2002
Journal
Volume
10
Issue
1-2
Pages
105 - 136
Citation AnalysisPro
You’ll need to upgrade your plan to Pro
Looking to understand the true influence of a researcher’s work across journals & affiliations?
- Scinapse’s Top 10 Citation Journals & Affiliations graph reveals the quality and authenticity of citations received by a paper.
- Discover whether citations have been inflated due to self-citations, or if citations include institutional bias.
Notes
History