Practical automated detection of stealthy portscans

Stuart Staniford; James Hoagland; Joseph M. McAlerney

doi:https://doi.org/10.3233/jcs-2002-101-205

doi.org/10.3233/jcs-2002-101-205

Practical automated detection of stealthy portscans

,

,

Journal of Computer Security1.20

Volume: 10, Issue: 1-2, Pages: 105 - 136

Published: Jan 1, 2002

Abstract

Portscan detectors in network intrusion detection products are easy to evade. They classify a portscan as more than N distinct probes within M seconds from a single source. This paper begins with an analysis of the scan detection problem, and then presents Spice (Stealthy Probing and Intrusion Corr elation Engine), a portscan detector that is effective against stealthy scans yet operationally practical. Our design maintains records of event...

Paper Fields

Paper Details

Title

Practical automated detection of stealthy portscans

DOI

doi.org/10.3233/jcs-2002-101-205

Published Date

Jan 1, 2002

Journal

Journal of Computer Security

Volume

10

Issue

1-2

Pages

105 - 136

Citation AnalysisPro

You’ll need to upgrade your plan to Pro

Looking to understand the true influence of a researcher’s work across journals & affiliations?

Scinapse’s Top 10 Citation Journals & Affiliations graph reveals the quality and authenticity of citations received by a paper.
Discover whether citations have been inflated due to self-citations, or if citations include institutional bias.

Learn more

Notes

History