Joseph M. McAlerney

Learn More
Portscan detectors in network intrusion detection products are easy to evade. They classify a portscan as more than N distinct probes within M seconds from a single source. This paper begins with an analysis of the scan detection problem, and then presents Spice (Stealthy Probing and Intrusion Correlation Engine), a portscan detector that is effective(More)
  • 1