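% Simon, Xiong, Eilertson, Kumar (SDM 2006): network scan (reconnaissance)
% detection recast as a classification problem over converted traffic data.
% Names use "Last, First" form with the accent as a top-level special
% character so sorting, labels and initials work under classic BibTeX.
% No series field: the export repeated the booktitle there, and styles
% would print the proceedings title twice.
@inproceedings{734f8fc04fd34f6288ddc42bed16878a,
  author    = {Simon, Gy{\"o}rgy J. and Xiong, Hui and Eilertson, Eric and Kumar, Vipin},
  title     = {Scan detection: A data mining approach},
  booktitle = {Proceedings of the Sixth SIAM International Conference on Data Mining},
  publisher = {Society for Industrial and Applied Mathematics},
  pages     = {118--129},
  year      = {2006},
  doi       = {10.1137/1.9781611972764.11},
  isbn      = {089871611X},
  language  = {English (US)},
  note      = {Sixth SIAM International Conference on Data Mining ; Conference date: 20-04-2006 Through 22-04-2006},
  abstract  = {A precursor to many attacks on networks is often a reconnaissance operation, more commonly referred to as a scan. Despite the vast amount of attention focused on methods for scan detection, the state-of-the-art methods suffer from high rate of false alarms and low rate of scan detection. In this paper, we formalize the problem of scan detection as a data mining problem. We show how the network traffic data sets can be converted into a data set that is appropriate for running off-the-shelf classifiers on. Our method successfully demonstrates that data mining models can encapsulate expert knowledge to create an adaptable algorithm that can substantially outperform state-of-the-art methods for scan detection in both coverage and precision.},
}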