Detecting malicious users in dynamic spectrum access scenarios is a crucial problem that requires an intrusion detection system (IDS) that scans spectrum for malicious activities. In this paper we design a spectrum scanning protocol that incorporates knowledge about the scanning effectiveness across different bands, which can increase scanning efficiency. The adversary, however, can also exploit such knowledge to its advantage. To understand the interplay underlying this problem, we formulate a Bayesian model, where the IDS faces a scanning allocation dilemma: if the intruder has no knowledge, then all the bands are under equal threat, while if the intruder has complete knowledge, then less-protected bands are more likely to be threatened. We solve this dilemma and show the optimal IDS strategy switches between the optimal response to these threats. Finally, we show that the strategy might be sensitive to prior knowledge, which can be corrected by adapted learning.