Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).
NIST Authors in Bold
|Author(s):||Peter M. Mell; Richard Harang;|
|Title:||Limitations to Threshold Random Walk Scan Detection and Mitigating Enhancements|
|Published:||October 16, 2013|
|Abstract:||This paper discusses limitations in one of the most widely cited single source scan detection algorithms: threshold random walk (TRW). If an attacker knows that TRW is being employed, these limitations enable full circumvention allowing undetectable high speed full horizontal and vertical scanning of target networks from a single IP address. To mitigate the discovered limitations, we provide 3 enhancements to TRW and analyze the increased cost in computational complexity and memory. Even with these mitigations in place, circumvention is still possible but only through collaborative scanning (something TRW was not designed to detect) with a significant increase in the required level of effort and usage of resources.|
|Conference:||First IEEE Conference on Communications and Network Security|
|Proceedings:||Proceeding of the First IEEE Conference on Communications and Network Security|
|Pages:||pp. 332 - 340|
|Location:||Washington D.C., DC|
|Dates:||October 14-16, 2013|
|Keywords:||scanning, intrusion detection, computer security|
|Research Areas:||Computer Security|
|DOI:||http://dx.doi.org/10.1109/CNS.2013.6682723 (Note: May link to a non-U.S. Government webpage)|
|PDF version:||Click here to retrieve PDF version of paper (921KB)|