Deep Mining Port Scans from Darknet

Authors :
Yutian Chen
Sofiane Lagraa
Jerome Francois
Interdisciplinary Centre for Security, Reliability and Trust [Luxembourg] (SnT)
Université du Luxembourg (Uni.lu)
TELECOM Nancy
Université de Lorraine (UL)
Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST)
Inria Nancy - Grand Est
Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS)
Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA)
Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)
LHS
ThreatPredict
HuMa
Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)
Source :
International Journal of Network Management, Wiley, 2019, Special Issue: Advanced Security Management, 29 (3), pp.e2065. ⟨10.1002/nem.2065⟩
Publication Year :
2019
Publisher :
HAL CCSD, 2019.

Abstract

TCP/UDP port scanning or sweeping is one of the most common techniques used by attackers to discover accessible and potentially vulnerable hosts and applications. Although extracting and distinguishing different port scanning strategies is a challenging task, the identification of dependencies among probed ports is primordial for profiling attacker behaviors, with the final goal of better mitigating them. In this paper, we propose an approach that allows tracking port scanning behavior patterns among multiple probed ports and identifying intrinsic properties of observed groups of ports. Our method is fully automated, based on graph modeling and data mining techniques including text mining. It provides security analysts and operators with relevant information about services that are jointly targeted by attackers. This is helpful to assess the strategy of the attacker, such as understanding the types of applications or environment she targets. We applied our method to data collected through a large Internet telescope (or Darknet).

Details

Language :
English
ISSN :
10557148 and 10991190
Database :
OpenAIRE
Journal :
International Journal of Network Management, Wiley, 2019, Special Issue: Advanced Security Management, 29 (3), pp.e2065. ⟨10.1002/nem.2065⟩
Accession number :
edsair.doi.dedup.....488acc768a0e4c91f5ea51cdfe0cf40c
Full Text :
https://doi.org/10.1002/nem.2065