Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Limitations to Threshold Random Walk Scan Detection and Mitigating Enhancements

Published

Author(s)

Peter M. Mell, Richard Harang

Abstract

This paper discusses limitations in one of the most widely cited single source scan detection algorithms: threshold random walk (TRW). If an attacker knows that TRW is being employed, these limitations enable full circumvention allowing undetectable high speed full horizontal and vertical scanning of target networks from a single IP address. To mitigate the discovered limitations, we provide 3 enhancements to TRW and analyze the increased cost in computational complexity and memory. Even with these mitigations in place, circumvention is still possible but only through collaborative scanning (something TRW was not designed to detect) with a significant increase in the required level of effort and usage of resources.
Proceedings Title
Proceeding of the First IEEE Conference on Communications and Network Security
Conference Dates
October 14-16, 2013
Conference Location
Washington D.C., DC
Conference Title
First IEEE Conference on Communications and Network Security

Keywords

scanning, intrusion detection, computer security

Citation

Mell, P. and Harang, R. (2013), Limitations to Threshold Random Walk Scan Detection and Mitigating Enhancements, Proceeding of the First IEEE Conference on Communications and Network Security , Washington D.C., DC, [online], https://doi.org/10.1109/CNS.2013.6682723 (Accessed December 7, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created October 16, 2013, Updated November 10, 2018