DOIONLINE

DOIONLINE NO - IJACEN-IRAJ-DOIONLNE-5930

Publish In
International Journal of Advance Computational Engineering and Networking (IJACEN)-IJACEN
Issue
Volume-4, Issue-10  ( Oct, 2016 )
Paper Title
Scanning Computer Networks Evaluation of Capabilities of Scan Detection and Detection Evasion
Author Name
Daniel F. Garcia, Adrian Fernandez
Affiliation
University of Oviedo, Department of Informatics, Gijon, Spain
Pages
58-63
Abstract
Attacks and intrusions in computer networks are topics of permanent interest. Every day new attacks appear, countermeasures are generated for them, and new techniques are developed to evade the countermeasures. The research to develop new mechanisms for intrusion detection is very intense, as is the research to create new methods to evade the detection mechanisms. Generally, attacks have several phases, of which the initial phase of network scanning is particularly important. The main objective of this phase is to discover the computers of the network and obtain useful information about them. This work presents a method to evaluate the maximum capability of a Network Intrusion Detection System (NIDS) to detect scanning and, complementarily, the capability of a scanner to evade the surveillance of a NIDS. The evaluation is carried out while the network is operating normally, and the method makes it possible to determine the maximum (optimal) detection capability, when the NIDS processes only the scanning traffic. The method has been tested in several sub-networks of a university, using Snort as the NIDS and Nmap as the scanner. The results obtained are documented in the article.

Index Terms: Network Scanning, Intrusion Detection Systems, Scan Detection, Scan Profiles, Detection Capability Evaluation.