Distributed Evasive Scan Techniques and Countermeasures

  • Min Gyung Kang
  • Juan Caballero
  • Dawn Song
Conference paper

DOI: 10.1007/978-3-540-73614-1_10

Part of the Lecture Notes in Computer Science book series (LNCS, volume 4579)
Cite this paper as:
Kang M.G., Caballero J., Song D. (2007) Distributed Evasive Scan Techniques and Countermeasures. In: Hämmerli B.M., Sommer R. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2007. Lecture Notes in Computer Science, vol 4579. Springer, Berlin, Heidelberg

Abstract

Scan detection and suppression methods are an important means for preventing the disclosure of network information to attackers. However, despite the importance of limiting the information obtained by the attacker, and the wide availability of such scan detection methods, there has been very little research on evasive scan techniques, which can potentially be used by attackers to avoid detection. In this paper, we first present a novel classification of scan detection methods based on their amnesty policy, since attackers can take advantage of such policies to evade detection. Then we propose two novel metrics to measure the resources that an attacker needs to complete a scan without being detected. Next, we introduce z-Scan, a novel evasive scan technique that uses distributed scanning, and show that it is extremely effective against TRW, one of the state-of-the-art scan detection methods. Finally, we investigate possible countermeasures including hybrid scan detection methods and information-hiding techniques. We provide theoretical analysis, as well as simulation results, to quantitatively measure the effectiveness of the evasive scan techniques and the countermeasures.

Keywords

scan detection, evasion, distributed scanning, information-hiding

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Min Gyung Kang (1)
  • Juan Caballero (1)
  • Dawn Song (1)
  1. Carnegie Mellon University
