Ontology type: schema:Chapter
Open Access: True
2007
AUTHORS
Min Gyung Kang, Juan Caballero, Dawn Song
ABSTRACT
Scan detection and suppression methods are an important means for preventing the disclosure of network information to attackers. However, despite the importance of limiting the information obtained by the attacker, and the wide availability of such scan detection methods, there has been very little research on evasive scan techniques, which can potentially be used by attackers to avoid detection. In this paper, we first present a novel classification of scan detection methods based on their amnesty policy, since attackers can take advantage of such policies to evade detection. Then we propose two novel metrics to measure the resources that an attacker needs to complete a scan without being detected. Next, we introduce z-Scan, a novel evasive scan technique that uses distributed scanning, and show that it is extremely effective against TRW, one of the state-of-the-art scan detection methods. Finally, we investigate possible countermeasures including hybrid scan detection methods and information-hiding techniques. We provide theoretical analysis, as well as simulation results, to quantitatively measure the effectiveness of the evasive scan techniques and the countermeasures.
PAGES
157-174
Detection of Intrusions and Malware, and Vulnerability Assessment
ISBN
978-3-540-73613-4
978-3-540-73614-1
http://scigraph.springernature.com/pub.10.1007/978-3-540-73614-1_10
DOI
http://dx.doi.org/10.1007/978-3-540-73614-1_10
DIMENSIONS
https://app.dimensions.ai/details/publication/pub.1022436712
JSON-LD is the canonical representation for SciGraph data.
[
{
"@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json",
"about": [
{
"id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08",
"inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/",
"name": "Information and Computing Sciences",
"type": "DefinedTerm"
},
{
"id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0801",
"inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/",
"name": "Artificial Intelligence and Image Processing",
"type": "DefinedTerm"
}
],
"author": [
{
"affiliation": {
"alternateName": "Carnegie Mellon University",
"id": "http://www.grid.ac/institutes/grid.147455.6",
"name": [
"Carnegie Mellon University"
],
"type": "Organization"
},
"familyName": "Kang",
"givenName": "Min Gyung",
"id": "sg:person.011657200106.31",
"sameAs": [
"https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011657200106.31"
],
"type": "Person"
},
{
"affiliation": {
"alternateName": "Carnegie Mellon University",
"id": "http://www.grid.ac/institutes/grid.147455.6",
"name": [
"Carnegie Mellon University"
],
"type": "Organization"
},
"familyName": "Caballero",
"givenName": "Juan",
"id": "sg:person.07456732061.32",
"sameAs": [
"https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.07456732061.32"
],
"type": "Person"
},
{
"affiliation": {
"alternateName": "Carnegie Mellon University",
"id": "http://www.grid.ac/institutes/grid.147455.6",
"name": [
"Carnegie Mellon University"
],
"type": "Organization"
},
"familyName": "Song",
"givenName": "Dawn",
"id": "sg:person.01143152610.86",
"sameAs": [
"https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.01143152610.86"
],
"type": "Person"
}
],
"datePublished": "2007",
"datePublishedReg": "2007-01-01",
"description": "Scan detection and suppression methods are an important means for preventing the disclosure of network information to attackers. However, despite the importance of limiting the information obtained by the attacker, and the wide availability of such scan detection methods, there has been very little research on evasive scan techniques, which can potentially be used by attackers to avoid detection. In this paper, we first present a novel classification of scan detection methods based on their amnesty policy, since attackers can take advantage of such policies to evade detection. Then we propose two novel metrics to measure the resources that an attacker needs to complete a scan without being detected. Next, we introduce z-Scan, a novel evasive scan technique that uses distributed scanning, and show that it is extremely effective against TRW, one of the state-of-the-art scan detection methods. Finally, we investigate possible countermeasures including hybrid scan detection methods and information-hiding techniques. We provide theoretical analysis, as well as simulation results, to quantitatively measure the effectiveness of the evasive scan techniques and the countermeasures.",
"editor": [
{
"familyName": "M. H\u00e4mmerli",
"givenName": "Bernhard",
"type": "Person"
},
{
"familyName": "Sommer",
"givenName": "Robin",
"type": "Person"
}
],
"genre": "chapter",
"id": "sg:pub.10.1007/978-3-540-73614-1_10",
"inLanguage": "en",
"isAccessibleForFree": true,
"isPartOf": {
"isbn": [
"978-3-540-73613-4",
"978-3-540-73614-1"
],
"name": "Detection of Intrusions and Malware, and Vulnerability Assessment",
"type": "Book"
},
"keywords": [
"detection method",
"information hiding techniques",
"network information",
"attacker",
"scan detection",
"possible countermeasures",
"novel metric",
"simulation results",
"countermeasures",
"wide availability",
"novel classification",
"important means",
"information",
"detection",
"technique",
"theoretical analysis",
"metrics",
"classification",
"method",
"TRW",
"resources",
"effectiveness",
"advantages",
"such policies",
"suppression method",
"little research",
"availability",
"disclosure",
"research",
"policy",
"means",
"state",
"results",
"scans",
"scanning",
"analysis",
"importance",
"scan technique",
"paper",
"amnesty policy"
],
"name": "Distributed Evasive Scan Techniques and Countermeasures",
"pagination": "157-174",
"productId": [
{
"name": "dimensions_id",
"type": "PropertyValue",
"value": [
"pub.1022436712"
]
},
{
"name": "doi",
"type": "PropertyValue",
"value": [
"10.1007/978-3-540-73614-1_10"
]
}
],
"publisher": {
"name": "Springer Nature",
"type": "Organisation"
},
"sameAs": [
"https://doi.org/10.1007/978-3-540-73614-1_10",
"https://app.dimensions.ai/details/publication/pub.1022436712"
],
"sdDataset": "chapters",
"sdDatePublished": "2022-05-20T07:42",
"sdLicense": "https://scigraph.springernature.com/explorer/license/",
"sdPublisher": {
"name": "Springer Nature - SN SciGraph project",
"type": "Organization"
},
"sdSource": "s3://com-springernature-scigraph/baseset/20220519/entities/gbq_results/chapter/chapter_152.jsonl",
"type": "Chapter",
"url": "https://doi.org/10.1007/978-3-540-73614-1_10"
}
]
JSON-LD is a popular format for linked data which is fully compatible with JSON.
curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-540-73614-1_10'
N-Triples is a line-based linked data format ideal for batch operations.
curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-540-73614-1_10'
Turtle is a human-readable linked data format.
curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-540-73614-1_10'
RDF/XML is a standard XML format for linked data.
curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-540-73614-1_10'
This table displays all metadata directly associated to this object as RDF triples.
119 TRIPLES
23 PREDICATES
66 URIs
59 LITERALS
7 BLANK NODES
# | Subject | Predicate | Object |
---|---|---|---|
1 | sg:pub.10.1007/978-3-540-73614-1_10 | schema:about | anzsrc-for:08 |
2 | ″ | ″ | anzsrc-for:0801 |
3 | ″ | schema:author | N8a66d5d2a5944e1d80fa9703cc043d33 |
4 | ″ | schema:datePublished | 2007 |
5 | ″ | schema:datePublishedReg | 2007-01-01 |
6 | ″ | schema:description | Scan detection and suppression methods are an important means for preventing the disclosure of network information to attackers. However, despite the importance of limiting the information obtained by the attacker, and the wide availability of such scan detection methods, there has been very little research on evasive scan techniques, which can potentially be used by attackers to avoid detection. In this paper, we first present a novel classification of scan detection methods based on their amnesty policy, since attackers can take advantage of such policies to evade detection. Then we propose two novel metrics to measure the resources that an attacker needs to complete a scan without being detected. Next, we introduce z-Scan, a novel evasive scan technique that uses distributed scanning, and show that it is extremely effective against TRW, one of the state-of-the-art scan detection methods. Finally, we investigate possible countermeasures including hybrid scan detection methods and information-hiding techniques. We provide theoretical analysis, as well as simulation results, to quantitatively measure the effectiveness of the evasive scan techniques and the countermeasures. |
7 | ″ | schema:editor | Nead9bbeca0064f07b6cbf77abbd14342 |
8 | ″ | schema:genre | chapter |
9 | ″ | schema:inLanguage | en |
10 | ″ | schema:isAccessibleForFree | true |
11 | ″ | schema:isPartOf | N0d873d4ccc434fe989ef485f13e3c001 |
12 | ″ | schema:keywords | TRW |
13 | ″ | ″ | advantages |
14 | ″ | ″ | amnesty policy |
15 | ″ | ″ | analysis |
16 | ″ | ″ | attacker |
17 | ″ | ″ | availability |
18 | ″ | ″ | classification |
19 | ″ | ″ | countermeasures |
20 | ″ | ″ | detection |
21 | ″ | ″ | detection method |
22 | ″ | ″ | disclosure |
23 | ″ | ″ | effectiveness |
24 | ″ | ″ | importance |
25 | ″ | ″ | important means |
26 | ″ | ″ | information |
27 | ″ | ″ | information hiding techniques |
28 | ″ | ″ | little research |
29 | ″ | ″ | means |
30 | ″ | ″ | method |
31 | ″ | ″ | metrics |
32 | ″ | ″ | network information |
33 | ″ | ″ | novel classification |
34 | ″ | ″ | novel metric |
35 | ″ | ″ | paper |
36 | ″ | ″ | policy |
37 | ″ | ″ | possible countermeasures |
38 | ″ | ″ | research |
39 | ″ | ″ | resources |
40 | ″ | ″ | results |
41 | ″ | ″ | scan detection |
42 | ″ | ″ | scan technique |
43 | ″ | ″ | scanning |
44 | ″ | ″ | scans |
45 | ″ | ″ | simulation results |
46 | ″ | ″ | state |
47 | ″ | ″ | such policies |
48 | ″ | ″ | suppression method |
49 | ″ | ″ | technique |
50 | ″ | ″ | theoretical analysis |
51 | ″ | ″ | wide availability |
52 | ″ | schema:name | Distributed Evasive Scan Techniques and Countermeasures |
53 | ″ | schema:pagination | 157-174 |
54 | ″ | schema:productId | N041064a4c0344bd3916f27c2df243e5d |
55 | ″ | ″ | N4111550d77c94386bb3ffabfb76b5dff |
56 | ″ | schema:publisher | Nd1632bb2158449c98a62f2b1daa43e01 |
57 | ″ | schema:sameAs | https://app.dimensions.ai/details/publication/pub.1022436712 |
58 | ″ | ″ | https://doi.org/10.1007/978-3-540-73614-1_10 |
59 | ″ | schema:sdDatePublished | 2022-05-20T07:42 |
60 | ″ | schema:sdLicense | https://scigraph.springernature.com/explorer/license/ |
61 | ″ | schema:sdPublisher | Nd47c6738b23a42c4819aab1116baedbc |
62 | ″ | schema:url | https://doi.org/10.1007/978-3-540-73614-1_10 |
63 | ″ | sgo:license | sg:explorer/license/ |
64 | ″ | sgo:sdDataset | chapters |
65 | ″ | rdf:type | schema:Chapter |
66 | N041064a4c0344bd3916f27c2df243e5d | schema:name | doi |
67 | ″ | schema:value | 10.1007/978-3-540-73614-1_10 |
68 | ″ | rdf:type | schema:PropertyValue |
69 | N0d873d4ccc434fe989ef485f13e3c001 | schema:isbn | 978-3-540-73613-4 |
70 | ″ | ″ | 978-3-540-73614-1 |
71 | ″ | schema:name | Detection of Intrusions and Malware, and Vulnerability Assessment |
72 | ″ | rdf:type | schema:Book |
73 | N4111550d77c94386bb3ffabfb76b5dff | schema:name | dimensions_id |
74 | ″ | schema:value | pub.1022436712 |
75 | ″ | rdf:type | schema:PropertyValue |
76 | N7496e706a3d242769a170da0497b3861 | schema:familyName | M. Hämmerli |
77 | ″ | schema:givenName | Bernhard |
78 | ″ | rdf:type | schema:Person |
79 | N881ff4e38e6a42cc8623d7ad77ee5f23 | rdf:first | sg:person.07456732061.32 |
80 | ″ | rdf:rest | Nc7a74a7ca6b546cead930c3c901469d6 |
81 | N8a66d5d2a5944e1d80fa9703cc043d33 | rdf:first | sg:person.011657200106.31 |
82 | ″ | rdf:rest | N881ff4e38e6a42cc8623d7ad77ee5f23 |
83 | N8aabe4dcfa5a4f27bf718f620722b4c5 | schema:familyName | Sommer |
84 | ″ | schema:givenName | Robin |
85 | ″ | rdf:type | schema:Person |
86 | N9381aae687a140148fa95fc9e1735913 | rdf:first | N8aabe4dcfa5a4f27bf718f620722b4c5 |
87 | ″ | rdf:rest | rdf:nil |
88 | Nc7a74a7ca6b546cead930c3c901469d6 | rdf:first | sg:person.01143152610.86 |
89 | ″ | rdf:rest | rdf:nil |
90 | Nd1632bb2158449c98a62f2b1daa43e01 | schema:name | Springer Nature |
91 | ″ | rdf:type | schema:Organisation |
92 | Nd47c6738b23a42c4819aab1116baedbc | schema:name | Springer Nature - SN SciGraph project |
93 | ″ | rdf:type | schema:Organization |
94 | Nead9bbeca0064f07b6cbf77abbd14342 | rdf:first | N7496e706a3d242769a170da0497b3861 |
95 | ″ | rdf:rest | N9381aae687a140148fa95fc9e1735913 |
96 | anzsrc-for:08 | schema:inDefinedTermSet | anzsrc-for: |
97 | ″ | schema:name | Information and Computing Sciences |
98 | ″ | rdf:type | schema:DefinedTerm |
99 | anzsrc-for:0801 | schema:inDefinedTermSet | anzsrc-for: |
100 | ″ | schema:name | Artificial Intelligence and Image Processing |
101 | ″ | rdf:type | schema:DefinedTerm |
102 | sg:person.01143152610.86 | schema:affiliation | grid-institutes:grid.147455.6 |
103 | ″ | schema:familyName | Song |
104 | ″ | schema:givenName | Dawn |
105 | ″ | schema:sameAs | https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.01143152610.86 |
106 | ″ | rdf:type | schema:Person |
107 | sg:person.011657200106.31 | schema:affiliation | grid-institutes:grid.147455.6 |
108 | ″ | schema:familyName | Kang |
109 | ″ | schema:givenName | Min Gyung |
110 | ″ | schema:sameAs | https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011657200106.31 |
111 | ″ | rdf:type | schema:Person |
112 | sg:person.07456732061.32 | schema:affiliation | grid-institutes:grid.147455.6 |
113 | ″ | schema:familyName | Caballero |
114 | ″ | schema:givenName | Juan |
115 | ″ | schema:sameAs | https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.07456732061.32 |
116 | ″ | rdf:type | schema:Person |
117 | grid-institutes:grid.147455.6 | schema:alternateName | Carnegie Mellon University |
118 | ″ | schema:name | Carnegie Mellon University |
119 | ″ | rdf:type | schema:Organization |