Evading Detection During Network Reconnaissance

Ilias Belalis, Georgios Spathoulas, Ioannis Anagnostopoulos

2023

Abstract

Network security attacks have increased significantly in recent years. A remote attacker needs to understand the topology of the victim network and extract as much information as possible about the hosts of the network. The first step of a network attack is called reconnaissance and aims at gathering such information. In this paper, we analyze the detection of such activity through the use of machine learning classifiers. We identify the characteristics of reconnaissance activity that render it detectable and employ a heuristic approach to decide optimal values for such fields that can produce undetectable port scanning traffic. Based on those findings, a covert port scanning tool has been developed and made publicly available. The tool executes the reconnaissance step of an attack in a way that evades detection.

Paper Citation


in Harvard Style

Belalis I., Spathoulas G. and Anagnostopoulos I. (2023). Evading Detection During Network Reconnaissance. In Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-624-8, pages 528-534. DOI: 10.5220/0011685900003405


in Bibtex Style

@conference{icissp23,
author={Ilias Belalis and Georgios Spathoulas and Ioannis Anagnostopoulos},
title={Evading Detection During Network Reconnaissance},
booktitle={Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2023},
pages={528-534},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011685900003405},
isbn={978-989-758-624-8},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Evading Detection During Network Reconnaissance
SN - 978-989-758-624-8
AU - Belalis I.
AU - Spathoulas G.
AU - Anagnostopoulos I.
PY - 2023
SP - 528
EP - 534
DO - 10.5220/0011685900003405