Distributed Evasive Scan Techniques and Countermeasures


Ontology type: schema:Chapter      Open Access: True


Chapter Info

DATE

2007

AUTHORS

Min Gyung Kang , Juan Caballero , Dawn Song

ABSTRACT

Scan detection and suppression methods are an important means for preventing the disclosure of network information to attackers. However, despite the importance of limiting the information obtained by the attacker, and the wide availability of such scan detection methods, there has been very little research on evasive scan techniques, which can potentially be used by attackers to avoid detection. In this paper, we first present a novel classification of scan detection methods based on their amnesty policy, since attackers can take advantage of such policies to evade detection. Then we propose two novel metrics to measure the resources that an attacker needs to complete a scan without being detected. Next, we introduce z-Scan, a novel evasive scan technique that uses distributed scanning, and show that it is extremely effective against TRW, one of the state-of-the-art scan detection methods. Finally, we investigate possible countermeasures including hybrid scan detection methods and information-hiding techniques. We provide theoretical analysis, as well as simulation results, to quantitatively measure the effectiveness of the evasive scan techniques and the countermeasures.
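The abstract claims that spreading a scan over many source addresses defeats TRW. The simulation below is an added illustration of why, written for this page; it is not the paper's z-Scan or its metrics. It implements the core of TRW (Threshold Random Walk, Jung et al. 2004): each source's first-contact connections drive a sequential hypothesis test whose likelihood ratio is multiplied by (1-θ1)/(1-θ0) on a failed connection and θ1/θ0 on a successful one, and the source is declared a scanner once the ratio reaches η1 = β/α. With the usual parameters (θ0 = 0.8, θ1 = 0.2, α = 0.01, β = 0.99) that is four failures in excess of successes. The target network, the source addresses (documentation ranges) and the round-robin target assignment are all constructed for the example; the "sources needed" count is one simple resource measure, not either of the paper's two metrics.

```python
"""Simplified TRW scan detector plus single-source and distributed scans.

Added example, not code from the paper. The detector follows the published
TRW sequential test; the network and the scan schedules are constructed here.
"""
import math


class TRWDetector:
    """Per-source sequential hypothesis test over first-contact connections."""

    def __init__(self, theta0=0.8, theta1=0.2, alpha=0.01, beta=0.99):
        # theta0 / theta1: P(connection succeeds) for a benign host / a scanner.
        self.succ_ratio = theta1 / theta0                # 0.25 per success
        self.fail_ratio = (1 - theta1) / (1 - theta0)    # 4.0 per failure
        self.eta1 = beta / alpha                         # 99: declare scanner
        self.eta0 = (1 - beta) / (1 - alpha)             # ~0.0101: declare benign
        self.ratio = {}       # source -> current likelihood ratio
        self.contacted = {}   # source -> destinations already counted
        self.verdict = {}     # source -> "scanner" / "benign"

    def observe(self, src, dst, success):
        """Feed one connection attempt; return 'scanner', 'benign' or None."""
        if src in self.verdict:
            return self.verdict[src]
        seen = self.contacted.setdefault(src, set())
        if dst in seen:        # only first contacts move the random walk
            return None
        seen.add(dst)
        lam = self.ratio.get(src, 1.0)
        lam *= self.succ_ratio if success else self.fail_ratio
        self.ratio[src] = lam
        if lam >= self.eta1:
            self.verdict[src] = "scanner"
        elif lam <= self.eta0:
            self.verdict[src] = "benign"
        return self.verdict.get(src)

    def max_safe_probes(self):
        """Most first-contact probes a source can send without ever reaching
        eta1, even if every probe fails (3 with the default parameters)."""
        return math.ceil(math.log(self.eta1) / math.log(self.fail_ratio)) - 1


# Constructed target network: 255 addresses; only hosts whose last octet is
# a multiple of 10 accept connections, every other probe fails.
TARGETS = [f"10.0.0.{i}" for i in range(1, 256)]
LIVE = {t for t in TARGETS if int(t.rsplit(".", 1)[1]) % 10 == 0}


def probe(dst):
    return dst in LIVE


def single_source_scan(detector, src="198.51.100.7"):
    """Naive sweep from one address; returns the probe count at detection."""
    for n, dst in enumerate(TARGETS, 1):
        if detector.observe(src, dst, probe(dst)) == "scanner":
            return n
    return None


def sources_needed(detector, n_targets):
    """Distinct sources required so that no source exceeds its safe budget.
    A simple resource measure for this model, not the paper's metric."""
    return math.ceil(n_targets / detector.max_safe_probes())


def distributed_scan(detector, n_sources):
    """Assign targets round-robin to n_sources addresses (203.0.113.0/24 is
    a documentation range). Returns (targets probed, sources flagged)."""
    probed, flagged = 0, set()
    for j, dst in enumerate(TARGETS):
        src = f"203.0.113.{j % n_sources}"
        if src in flagged:     # a suppressed source gets no further probes through
            continue
        probed += 1
        if detector.observe(src, dst, probe(dst)) == "scanner":
            flagged.add(src)
    return probed, len(flagged)


if __name__ == "__main__":
    print("single source flagged at probe", single_source_scan(TRWDetector()))
    k = sources_needed(TRWDetector(), len(TARGETS))
    print("sources needed:", k, "->", distributed_scan(TRWDetector(), k))
    print("one source short:", distributed_scan(TRWDetector(), k - 1))
```

With the defaults a lone scanner is caught on its fourth failed probe, while 85 sources sending three probes each cover all 255 addresses without any source being flagged; with 84 sources the round-robin schedule hands a fourth probe to a few sources and those are caught. This model keeps per-source state forever, so the only evasion axis is source count; a detector that expires state after a timeout (the amnesty policies the abstract classifies) adds time as a second axis, and the hybrid detection and information-hiding countermeasures the abstract mentions are not modelled here.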

PAGES

157-174

Book

TITLE

Detection of Intrusions and Malware, and Vulnerability Assessment

ISBN

978-3-540-73613-4
978-3-540-73614-1

Author Affiliations

Carnegie Mellon University (Kang, Caballero, Song)

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-540-73614-1_10

DOI

http://dx.doi.org/10.1007/978-3-540-73614-1_10

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1022436712



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0801", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Artificial Intelligence and Image Processing", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "Carnegie Mellon University", 
          "id": "http://www.grid.ac/institutes/grid.147455.6", 
          "name": [
            "Carnegie Mellon University"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Kang", 
        "givenName": "Min Gyung", 
        "id": "sg:person.011657200106.31", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011657200106.31"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Carnegie Mellon University", 
          "id": "http://www.grid.ac/institutes/grid.147455.6", 
          "name": [
            "Carnegie Mellon University"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Caballero", 
        "givenName": "Juan", 
        "id": "sg:person.07456732061.32", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.07456732061.32"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Carnegie Mellon University", 
          "id": "http://www.grid.ac/institutes/grid.147455.6", 
          "name": [
            "Carnegie Mellon University"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Song", 
        "givenName": "Dawn", 
        "id": "sg:person.01143152610.86", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.01143152610.86"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2007", 
    "datePublishedReg": "2007-01-01", 
    "description": "Scan detection and suppression methods are an important means for preventing the disclosure of network information to attackers. However, despite the importance of limiting the information obtained by the attacker, and the wide availability of such scan detection methods, there has been very little research on evasive scan techniques, which can potentially be used by attackers to avoid detection. In this paper, we first present a novel classification of scan detection methods based on their amnesty policy, since attackers can take advantage of such policies to evade detection. Then we propose two novel metrics to measure the resources that an attacker needs to complete a scan without being detected. Next, we introduce z-Scan, a novel evasive scan technique that uses distributed scanning, and show that it is extremely effective against TRW, one of the state-of-the-art scan detection methods. Finally, we investigate possible countermeasures including hybrid scan detection methods and information-hiding techniques. We provide theoretical analysis, as well as simulation results, to quantitatively measure the effectiveness of the evasive scan techniques and the countermeasures.", 
    "editor": [
      {
        "familyName": "M. H\u00e4mmerli", 
        "givenName": "Bernhard", 
        "type": "Person"
      }, 
      {
        "familyName": "Sommer", 
        "givenName": "Robin", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-540-73614-1_10", 
    "inLanguage": "en", 
    "isAccessibleForFree": true, 
    "isPartOf": {
      "isbn": [
        "978-3-540-73613-4", 
        "978-3-540-73614-1"
      ], 
      "name": "Detection of Intrusions and Malware, and Vulnerability Assessment", 
      "type": "Book"
    }, 
    "keywords": [
      "detection method", 
      "information hiding techniques", 
      "network information", 
      "attacker", 
      "scan detection", 
      "possible countermeasures", 
      "novel metric", 
      "simulation results", 
      "countermeasures", 
      "wide availability", 
      "novel classification", 
      "important means", 
      "information", 
      "detection", 
      "technique", 
      "theoretical analysis", 
      "metrics", 
      "classification", 
      "method", 
      "TRW", 
      "resources", 
      "effectiveness", 
      "advantages", 
      "such policies", 
      "suppression method", 
      "little research", 
      "availability", 
      "disclosure", 
      "research", 
      "policy", 
      "means", 
      "state", 
      "results", 
      "scans", 
      "scanning", 
      "analysis", 
      "importance", 
      "scan technique", 
      "paper", 
      "amnesty policy"
    ], 
    "name": "Distributed Evasive Scan Techniques and Countermeasures", 
    "pagination": "157-174", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1022436712"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-540-73614-1_10"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-540-73614-1_10", 
      "https://app.dimensions.ai/details/publication/pub.1022436712"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-05-20T07:42", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20220519/entities/gbq_results/chapter/chapter_152.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-540-73614-1_10"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-540-73614-1_10'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-540-73614-1_10'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-540-73614-1_10'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-540-73614-1_10'
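The four curl commands above differ only in the Accept header, which is how the SciGraph endpoint selects a serialization. The script below is an added example, not a SciGraph client: it builds the same content-negotiated request with the standard library and, once a JSON-LD record is in hand, cross-checks the DOI that the record states in several places (the `sg:pub.` id, the `productId` entry, the `url` and the doi.org `sameAs` link) before trusting it for citation. The embedded record is a trimmed copy of this page's JSON-LD so the checks run offline; the fetch helper itself needs network access.

```python
"""Content-negotiated fetch of a SciGraph record and identifier cross-checks.

Added example; SAMPLE is a trimmed copy of the page's own JSON-LD record.
"""
import json
import urllib.request

# Accept header for each serialization the page lists.
ACCEPT = {
    "json-ld": "application/ld+json",
    "nt": "application/n-triples",
    "turtle": "text/turtle",
    "rdf-xml": "application/rdf+xml",
}


def build_request(pub_url, fmt="json-ld"):
    """Request for pub_url carrying the Accept header of the chosen format."""
    return urllib.request.Request(pub_url, headers={"Accept": ACCEPT[fmt]})


def fetch(pub_url, fmt="json-ld", timeout=10):
    """Fetch the record (network); JSON-LD is parsed, other formats returned raw."""
    with urllib.request.urlopen(build_request(pub_url, fmt), timeout=timeout) as resp:
        body = resp.read().decode("utf-8")
    return json.loads(body) if fmt == "json-ld" else body


def doi_views(entity):
    """Every place one JSON-LD entity states its DOI, keyed by where it came from."""
    views = {}
    ident = entity.get("id", "")
    if ident.startswith("sg:pub."):
        views["id"] = ident[len("sg:pub."):]
    for pid in entity.get("productId", []):
        if pid.get("name") == "doi" and pid.get("value"):
            views["productId"] = pid["value"][0]
    for link in [entity.get("url", "")] + list(entity.get("sameAs", [])):
        if link.startswith("https://doi.org/"):
            views.setdefault("doi.org", link[len("https://doi.org/"):])
    return views


def consistent_doi(entity):
    """The DOI if all views agree, else None (a disagreeing record is suspect)."""
    views = doi_views(entity)
    if views and len(set(views.values())) == 1:
        return next(iter(views.values()))
    return None


def citation(entity):
    """One-line citation built only from fields whose DOI cross-check passed."""
    doi = consistent_doi(entity)
    if doi is None:
        raise ValueError(f"inconsistent DOI views: {doi_views(entity)}")
    authors = ", ".join(f"{a['givenName']} {a['familyName']}" for a in entity["author"])
    return f"{authors} ({entity['datePublished']}). {entity['name']}. doi:{doi}"


# Trimmed copy of the page's JSON-LD (constructed sample, no network needed).
SAMPLE = json.loads(r'''[{
  "id": "sg:pub.10.1007/978-3-540-73614-1_10",
  "name": "Distributed Evasive Scan Techniques and Countermeasures",
  "datePublished": "2007",
  "author": [
    {"familyName": "Kang", "givenName": "Min Gyung"},
    {"familyName": "Caballero", "givenName": "Juan"},
    {"familyName": "Song", "givenName": "Dawn"}
  ],
  "productId": [
    {"name": "dimensions_id", "type": "PropertyValue", "value": ["pub.1022436712"]},
    {"name": "doi", "type": "PropertyValue", "value": ["10.1007/978-3-540-73614-1_10"]}
  ],
  "sameAs": ["https://doi.org/10.1007/978-3-540-73614-1_10",
             "https://app.dimensions.ai/details/publication/pub.1022436712"],
  "url": "https://doi.org/10.1007/978-3-540-73614-1_10"
}]''')


if __name__ == "__main__":
    print(citation(SAMPLE[0]))
    # Live fetch (network): fetch("https://scigraph.springernature.com/pub.10.1007/978-3-540-73614-1_10")
```

A record is rejected for citation when any of its DOI views disagrees, which is the kind of check worth running on metadata aggregated from several sources before it feeds a bibliography or a reference database.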


 

This table displays all metadata directly associated to this object as RDF triples.

119 TRIPLES      23 PREDICATES      66 URIs      59 LITERALS      7 BLANK NODES

Subject Predicate Object
1 sg:pub.10.1007/978-3-540-73614-1_10 schema:about anzsrc-for:08
2 anzsrc-for:0801
3 schema:author N8a66d5d2a5944e1d80fa9703cc043d33
4 schema:datePublished 2007
5 schema:datePublishedReg 2007-01-01
6 schema:description Scan detection and suppression methods are an important means for preventing the disclosure of network information to attackers. However, despite the importance of limiting the information obtained by the attacker, and the wide availability of such scan detection methods, there has been very little research on evasive scan techniques, which can potentially be used by attackers to avoid detection. In this paper, we first present a novel classification of scan detection methods based on their amnesty policy, since attackers can take advantage of such policies to evade detection. Then we propose two novel metrics to measure the resources that an attacker needs to complete a scan without being detected. Next, we introduce z-Scan, a novel evasive scan technique that uses distributed scanning, and show that it is extremely effective against TRW, one of the state-of-the-art scan detection methods. Finally, we investigate possible countermeasures including hybrid scan detection methods and information-hiding techniques. We provide theoretical analysis, as well as simulation results, to quantitatively measure the effectiveness of the evasive scan techniques and the countermeasures.
7 schema:editor Nead9bbeca0064f07b6cbf77abbd14342
8 schema:genre chapter
9 schema:inLanguage en
10 schema:isAccessibleForFree true
11 schema:isPartOf N0d873d4ccc434fe989ef485f13e3c001
12 schema:keywords TRW
13 advantages
14 amnesty policy
15 analysis
16 attacker
17 availability
18 classification
19 countermeasures
20 detection
21 detection method
22 disclosure
23 effectiveness
24 importance
25 important means
26 information
27 information hiding techniques
28 little research
29 means
30 method
31 metrics
32 network information
33 novel classification
34 novel metric
35 paper
36 policy
37 possible countermeasures
38 research
39 resources
40 results
41 scan detection
42 scan technique
43 scanning
44 scans
45 simulation results
46 state
47 such policies
48 suppression method
49 technique
50 theoretical analysis
51 wide availability
52 schema:name Distributed Evasive Scan Techniques and Countermeasures
53 schema:pagination 157-174
54 schema:productId N041064a4c0344bd3916f27c2df243e5d
55 N4111550d77c94386bb3ffabfb76b5dff
56 schema:publisher Nd1632bb2158449c98a62f2b1daa43e01
57 schema:sameAs https://app.dimensions.ai/details/publication/pub.1022436712
58 https://doi.org/10.1007/978-3-540-73614-1_10
59 schema:sdDatePublished 2022-05-20T07:42
60 schema:sdLicense https://scigraph.springernature.com/explorer/license/
61 schema:sdPublisher Nd47c6738b23a42c4819aab1116baedbc
62 schema:url https://doi.org/10.1007/978-3-540-73614-1_10
63 sgo:license sg:explorer/license/
64 sgo:sdDataset chapters
65 rdf:type schema:Chapter
66 N041064a4c0344bd3916f27c2df243e5d schema:name doi
67 schema:value 10.1007/978-3-540-73614-1_10
68 rdf:type schema:PropertyValue
69 N0d873d4ccc434fe989ef485f13e3c001 schema:isbn 978-3-540-73613-4
70 978-3-540-73614-1
71 schema:name Detection of Intrusions and Malware, and Vulnerability Assessment
72 rdf:type schema:Book
73 N4111550d77c94386bb3ffabfb76b5dff schema:name dimensions_id
74 schema:value pub.1022436712
75 rdf:type schema:PropertyValue
76 N7496e706a3d242769a170da0497b3861 schema:familyName M. Hämmerli
77 schema:givenName Bernhard
78 rdf:type schema:Person
79 N881ff4e38e6a42cc8623d7ad77ee5f23 rdf:first sg:person.07456732061.32
80 rdf:rest Nc7a74a7ca6b546cead930c3c901469d6
81 N8a66d5d2a5944e1d80fa9703cc043d33 rdf:first sg:person.011657200106.31
82 rdf:rest N881ff4e38e6a42cc8623d7ad77ee5f23
83 N8aabe4dcfa5a4f27bf718f620722b4c5 schema:familyName Sommer
84 schema:givenName Robin
85 rdf:type schema:Person
86 N9381aae687a140148fa95fc9e1735913 rdf:first N8aabe4dcfa5a4f27bf718f620722b4c5
87 rdf:rest rdf:nil
88 Nc7a74a7ca6b546cead930c3c901469d6 rdf:first sg:person.01143152610.86
89 rdf:rest rdf:nil
90 Nd1632bb2158449c98a62f2b1daa43e01 schema:name Springer Nature
91 rdf:type schema:Organisation
92 Nd47c6738b23a42c4819aab1116baedbc schema:name Springer Nature - SN SciGraph project
93 rdf:type schema:Organization
94 Nead9bbeca0064f07b6cbf77abbd14342 rdf:first N7496e706a3d242769a170da0497b3861
95 rdf:rest N9381aae687a140148fa95fc9e1735913
96 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
97 schema:name Information and Computing Sciences
98 rdf:type schema:DefinedTerm
99 anzsrc-for:0801 schema:inDefinedTermSet anzsrc-for:
100 schema:name Artificial Intelligence and Image Processing
101 rdf:type schema:DefinedTerm
102 sg:person.01143152610.86 schema:affiliation grid-institutes:grid.147455.6
103 schema:familyName Song
104 schema:givenName Dawn
105 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.01143152610.86
106 rdf:type schema:Person
107 sg:person.011657200106.31 schema:affiliation grid-institutes:grid.147455.6
108 schema:familyName Kang
109 schema:givenName Min Gyung
110 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011657200106.31
111 rdf:type schema:Person
112 sg:person.07456732061.32 schema:affiliation grid-institutes:grid.147455.6
113 schema:familyName Caballero
114 schema:givenName Juan
115 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.07456732061.32
116 rdf:type schema:Person
117 grid-institutes:grid.147455.6 schema:alternateName Carnegie Mellon University
118 schema:name Carnegie Mellon University
119 rdf:type schema:Organization
 



