Attack detection based on thresholds of activity that
differentiate between attacks and similar non-malicious behaviors is
exploited by launching attacks that operate below the detection threshold.
Examples include breadth-first password guessing attacks, breadth-first port
scanning attacks, and low bandwidth covert channel exploitations.
Complexity: Remaining below detection thresholds is straightforward if the
thresholds are known and not possible to guarantee if they are unknown. In
most cases, estimates based on comparable policies or widely published
standards are adequate to accomplish below-threshold attacks.