ABSTRACT

In this chapter, we address scan detection techniques. In Chapters 3 and 4, we discussed a “scan” attack in some intrusion detection systems (IDSs). Strictly speaking, a scan is not a real attack but is the precursor to an attack. Scans find vulnerabilities in cyberinfrastructures that attackers can use to infiltrate systems easily and successfully. Thus, we consider scan detection a preventive process that is different from the classical IDSs that are designed to detect malicious patterns demonstrated during cyber attacks. In this chapter, we introduce and describe scan detection technologies. Scans can be regarded as intrusions and can be detected using intrusion detection techniques. For instance, a number of IDSs have been applied to detect scans and other attacks in the famous MIT DARPA intrusion detection data sets.