Inetvis: a graphical aid for the detection and visualisation of network scans... The algorithms of the Snort and Bro intrusion detection systems are based on counting unique connection attempts to destination addresses and ports....
Flow based observations from neti@home and honeynet data... We present a cumulative distribution function of the number of packets for a TCP flow and learn that a large portion of these flows in both datasets are failed and potentially malicious connection attempts....
Enhancing ids using, tiny honeypot... Enhancing IDS using, Tiny Honeypot One of the problems encountered with network intrusion detection systems is that the logging of failed connection attempts only occurs when services are not listening on a scanned port....
Using certes to infer client response time at the web server... Section 3 presents an overview of the Certes approach, the mathematical construction of the Certes model focusing on how it accounts for time attributed to failed connection attempts, and a fast online implementation of the Certes model....