Gray's anatomy: dissecting scanning activities using IP gray space analysis

Authors: György Simon, Kuai Xu, Vipin Kumar, Zhi-Li Zhang, Yu Jin

DOI:

Keywords: Host (network); Gray (horse); Campus network; Computer vision; Artificial intelligence; Traffic trace; NetFlow; Simulation; Computer science; Space (commercial competition)

Abstract: In this paper, we study the scanning activities towards a large campus network using a month-long netflow traffic trace. Based on a novel notion of "gray" IP space (namely, the collection of IP addresses within our campus network that are not assigned to any "active" host during a certain period of time), we identify and extract potential outside scanners and their associated activities. We then apply data mining and machine learning techniques to analyze the scanning patterns of these scanners and classify them into a few groups (e.g., focused hitters, random address scanners, and blockwise scanners). The goal is to infer the scanning strategies of these scanners so as to provide some assessment of the harmfulness of their scanning activities - for example, whether the observed scanning activities are simply part of the background radiation of the global Internet or more targeted at our network. This is an on-going work; we report some preliminary, yet promising results obtained so far.

References (6)
David Moore, Colleen Shannon, Geoffrey M. Voelker, Stefan Savage. Network Telescopes: Technical Report (2004).
Vern Paxson, Stuart Staniford, Nicholas Weaver. How to Own the Internet in Your Spare Time. USENIX Security Symposium, pp. 149-167 (2002).
György J. Simon, Hui Xiong, Eric Eilertson, Vipin Kumar. Scan detection: A data mining approach. SIAM International Conference on Data Mining, pp. 118-129 (2006). 10.1137/1.9781611972764.11
Kuai Xu, Zhi-Li Zhang, Supratik Bhattacharyya. Profiling internet backbone traffic: behavior models and applications. ACM Special Interest Group on Data Communication, vol. 35, pp. 169-180 (2005). 10.1145/1080091.1080112
Ruoming Pang, Vinod Yegneswaran, Paul Barford, Vern Paxson, Larry Peterson. Characteristics of internet background radiation. Internet Measurement Conference, pp. 27-40 (2004). 10.1145/1028788.1028794
Yu Jin, Zhi-Li Zhang, Kuai Xu, Feng Cao, Sambit Sahu. Identifying and tracking suspicious activities through IP gray space analysis. Proceedings of the 3rd annual ACM workshop on Mining network data - MineNet '07, pp. 7-12 (2007). 10.1145/1269880.1269883