Modeling of IP Scanning Activities with Hidden Markov Models: Darknet Case Study

Authors: Giulia De Santis, Abdelkader Lahmadi, Jerome Francois, Olivier Festor

DOI: 10.1109/NTMS.2016.7792461

Keywords: Darknet, Artificial intelligence, Hidden Markov model, Time windows, Markov process, Data mining, Computer science, Poisson distribution, Machine learning, Scale (map), Basis (linear algebra)

Abstract: We propose a methodology based on Hidden Markov Models (HMMs) to model scanning activities monitored by a darknet. The HMMs are built on the basis of the number of scanned IP addresses within a time window and are fitted using mixtures of Poisson distributions. Our methodology is applied to real data traces collected from a darknet and generated by two large-scale scanners, ZMap and Shodan. We demonstrate that the models are able to characterize their activities.
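As an added illustration, not code from the paper (whose models and fitting procedure are only summarised in the abstract above), the following pure-Python example fits a two-state hidden Markov model with Poisson emissions to a series of per-window counts of scanned darknet addresses with the Baum-Welch (EM) algorithm, then segments the windows with Viterbi decoding. Everything below the imports is an assumption: the count series is constructed by hand (not a trace from the paper), the one-minute window, the two states (quiet versus bulk scan) and the initial rates are arbitrary, and each state emits from a single Poisson rather than the Poisson mixtures the paper uses.

```python
"""Two-state Poisson HMM: Baum-Welch fit and Viterbi decoding of scan counts."""
import math

# Constructed example input (not data from the paper): number of distinct darknet
# addresses probed by one source per 1-minute window. Twenty quiet windows, twenty
# windows of a bulk scan, twenty quiet windows again.
DARKNET_COUNTS = (
    [1, 3, 0, 2, 2, 4, 1, 0, 2, 3, 1, 2, 0, 1, 3, 2, 2, 1, 4, 2]
    + [38, 45, 41, 36, 50, 39, 44, 42, 37, 47, 40, 35, 43, 48, 39, 41, 46, 38, 44, 42]
    + [2, 1, 3, 0, 2, 1, 2, 4, 1, 2, 0, 3, 2, 1, 2, 3, 1, 0, 2, 1]
)


def _log(x):
    """log that tolerates exact zeros (a state the data never uses)."""
    return math.log(x) if x > 0 else -math.inf


def poisson_pmf(k, lam):
    """P(X = k) for X ~ Poisson(lam), evaluated in log space to avoid overflow."""
    return math.exp(k * math.log(lam) - lam - math.lgamma(k + 1))


def forward_backward(obs, pi, A, lams):
    """Scaled forward-backward pass. Returns per-window state posteriors gamma[t][i],
    pairwise posteriors xi[t][i][j] and the log-likelihood of obs under (pi, A, lams)."""
    N, T = len(pi), len(obs)
    B = [[poisson_pmf(o, lams[j]) for j in range(N)] for o in obs]
    alpha, scale = [[0.0] * N for _ in range(T)], [0.0] * T
    alpha[0] = [pi[j] * B[0][j] for j in range(N)]
    scale[0] = sum(alpha[0])
    alpha[0] = [a / scale[0] for a in alpha[0]]
    for t in range(1, T):
        alpha[t] = [B[t][j] * sum(alpha[t - 1][i] * A[i][j] for i in range(N)) for j in range(N)]
        scale[t] = sum(alpha[t])  # c_t; the product of all c_t is P(obs)
        alpha[t] = [a / scale[t] for a in alpha[t]]
    beta = [[1.0] * N for _ in range(T)]
    for t in range(T - 2, -1, -1):
        beta[t] = [sum(A[i][j] * B[t + 1][j] * beta[t + 1][j] for j in range(N)) / scale[t + 1]
                   for i in range(N)]
    gamma = [[alpha[t][i] * beta[t][i] for i in range(N)] for t in range(T)]
    xi = [[[alpha[t][i] * A[i][j] * B[t + 1][j] * beta[t + 1][j] / scale[t + 1]
            for j in range(N)] for i in range(N)] for t in range(T - 1)]
    return gamma, xi, sum(math.log(s) for s in scale)


def baum_welch(obs, lams, A=None, pi=None, n_iter=100, tol=1e-6):
    """EM for a Poisson HMM. lams are the initial per-state rates; A and pi default
    to a sticky transition matrix and a uniform start distribution."""
    N = len(lams)
    A = [row[:] for row in A] if A else \
        [[0.9 if i == j else 0.1 / max(N - 1, 1) for j in range(N)] for i in range(N)]
    pi = pi[:] if pi else [1.0 / N] * N
    prev = -math.inf
    for _ in range(n_iter):
        gamma, xi, loglik = forward_backward(obs, pi, A, lams)
        if loglik - prev < tol:  # EM never decreases the likelihood; stop on a plateau
            break
        prev = loglik
        pi = gamma[0][:]
        for i in range(N):
            occ = sum(g[i] for g in gamma[:-1])  # expected visits to i with a successor
            A[i] = [sum(x[i][j] for x in xi) / occ for j in range(N)]
        # Poisson MLE under soft assignments: posterior-weighted mean count per state
        lams = [max(sum(g[j] * o for g, o in zip(gamma, obs)) / sum(g[j] for g in gamma), 1e-6)
                for j in range(N)]
    return pi, A, lams, forward_backward(obs, pi, A, lams)[2]


def viterbi(obs, pi, A, lams):
    """Most likely state sequence for obs, computed in log space."""
    N, T = len(pi), len(obs)
    logA = [[_log(a) for a in row] for row in A]

    def logB(t, j):
        return obs[t] * math.log(lams[j]) - lams[j] - math.lgamma(obs[t] + 1)

    delta, back = [[_log(pi[j]) + logB(0, j) for j in range(N)]], []
    for t in range(1, T):
        row, ptr = [], []
        for j in range(N):
            best = max(range(N), key=lambda i: delta[-1][i] + logA[i][j])
            row.append(delta[-1][best] + logA[best][j] + logB(t, j))
            ptr.append(best)
        delta.append(row)
        back.append(ptr)
    path = [max(range(N), key=lambda j: delta[-1][j])]
    for ptr in reversed(back):
        path.append(ptr[path[-1]])
    return path[::-1]


def fit_darknet_example():
    """Fit a quiet/bulk-scan model to the constructed counts and decode each window."""
    pi, A, lams, loglik = baum_welch(DARKNET_COUNTS, lams=[5.0, 30.0])
    path = viterbi(DARKNET_COUNTS, pi, A, lams)
    return {"pi": pi, "A": A, "lams": lams, "loglik": loglik, "path": path}


if __name__ == "__main__":
    r = fit_darknet_example()
    print("rates per window:", [round(l, 2) for l in r["lams"]])
    print("transition matrix:", [[round(a, 3) for a in row] for row in r["A"]])
    print("decoded windows:", "".join(str(s) for s in r["path"]))
```

On the constructed series the fitted rates land close to the per-regime sample means (about 1.7 and about 41.8 addresses per window), the diagonal of the transition matrix stays above 0.9 because each regime persists for many windows, and the decoded path reproduces the three segments exactly. With real darknet traces the scanner's count distribution is usually overdispersed relative to a single Poisson, which is the reason the paper fits mixtures of Poisson distributions per state; the emission model is the only part of this example that would need to change to do the same.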
