An Analysis of Network Scanning Traffic as it relates to Scan-Detection in Network Intrusion Detection Systems
- Barnett, Richard J, Irwin, Barry V W
- Authors: Barnett, Richard J , Irwin, Barry V W
- Date: 2008
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428156 , vital:72490 , https://www.researchgate.net/profile/Barry-Ir-win/publication/326225058_An_Analysis_of_Network_Scanning_Traffic_as_it_relates_to_Scan-Detec-tion_in_Network_Intrusion_Detection_Systems/links/5b3f21eaa6fdcc8506ffe659/An-Analysis-of-Network-Scanning-Traffic-as-it-relates-to-Scan-Detection-in-Network-Intrusion-Detection-Systems.pdf
- Description: Network Intrusion Detection is, in a modern network, a useful tool to detect a wide variety of malicious traffic. The ever present prevalence of scanning activity on the Internet is fair justification to warrant scan detection as a component of network intrusion detection. Whilst current systems are able to perform scan-detection, the methods they use are often flawed and exhibit an inability to detect scans in an efficient and scalable manner. Existing research by van Riel and Irwin has illustrated a number of flaws present in the open source systems Snort and Bro. This paper builds on this by describing current research at Rhodes University in which these flaws are being addressed. In particular, this research will address the flaws in the scan-detection engines in Snort and Bro by developing new plug-ins for these systems which take into consideration the improvements which are identified over the course of the research.
- Full Text:
- Date Issued: 2008
An Evaluation Of Scan-Detection Algorithms In Network Intrusion Detection Systems
- Barnett, Richard J, Irwin, Barry V W
- Authors: Barnett, Richard J , Irwin, Barry V W
- Date: 2008
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428701 , vital:72530 , https://digifors.cs.up.ac.za/issa/2008/Proceedings/Research/29.pdf
- Description: Network Intrusion Detection Systems are becoming more prevalent as devices to protect a network. However, the methods they use for some forms of detection are flawed. This paper builds upon existing research by van Riel and Irwin which illustrated these flaws in Snort and Bro's scan-detection engines. Indeed, it has been ascertained that a number of different scanning techniques are not identified by either Snort or Bro. This paper highlights current research into the improvement of these scan detection algorithms and presents insight into how this research is being conducted at Rhodes University. This research will improve on the scan detection engines in Snort and Bro, permitting them to be used in a production environment without fear of succumbing to the false negative problem which currently exists.
- Full Text:
- Date Issued: 2008
Towards a taxonomy of network scanning techniques
- Barnett, Richard J, Irwin, Barry V W
- Authors: Barnett, Richard J , Irwin, Barry V W
- Date: 2008
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/430310 , vital:72682 , https://doi.org/10.1145/1456659.1456660
- Description: Network scanning is a common reconnaissance activity in network intrusion. Despite this, its classification remains vague and detection systems in current Network Intrusion Detection Systems are incapable of detecting many forms of scanning traffic. This paper presents a classification of network scanning and illustrates how complex and varied this activity is. The presented classification extends previous, well known, definitions of scanning traffic in a manner which reflects this complexity.
- Full Text:
- Date Issued: 2008