Although network reconnaissance through scanning has been well explored in the literature, new scan detection proposals with various detection features and capabilities continue to appear. To our knowledge, however, there is little discussion of reliable methodologies to evaluate network scanning detectors. In this paper, we show that establishing ground truth labels of scanning activity on non-synthetic network traces is a more difficult problem relative to labeling conventional intrusions. The main problem stems from lack of absolute ground truth (AGT). We identify the specific types of errors this admits. For real-world network traffic, typically many events can be equally interpreted as legitimate or intrusions, and therefore, establish...
This paper demonstrates how different machine learning techniques performed on a recent, partially l...
Network traffic anomalies stand for a large fraction of the Internet traffic and compromise the perfo...
A wide range of IDS implementations with anomaly detection modules have been deployed. In general, t...
© 2005 Ms. Dana Zhang. A prelude to most malicious network attacks involves a systematic scan on a tar...
Network scanning reveals valuable information of accessible hosts over the Internet and their offere...
Scans are often used by adversaries to determine the potential weaknesses in a target network or sys...
Network scanning is a common, effective technique to search for vulnerable Internet hosts and to exp...
Malicious agents like self-propagating worms often rely on port and/or address scanning to discover ...
Abstract—Network Intrusion Detection is, in a modern network, a useful tool to detect a wide variety...
Purpose – The purpose of this paper is to evaluate if automated vulnerability scanning accurately id...
Abstract. Scan detection and suppression methods are an important means for preventing the disclosur...
Part 4: Security. International audience. Internet scanning is a de facto background traffic noise that ...
Current scanning detection algorithms are based on an underlying assumption that scanning activity c...
Abstract. Content-based Anomaly Detection (AD) techniques are regarded as a promising mechanism to d...
The key methods for testing network-intrusion detection systems are considered. The advantages and d...