On fingerprinting probing activities

Authors: Elias Bou-Harb, Mourad Debbabi, Chadi Assi

DOI: 10.1016/J.COSE.2014.02.005

Abstract: Motivated by recent cyber attacks that were facilitated through probing, limited security intelligence and the lack of accuracy that is provided by scanning detection systems, this paper presents a new approach to fingerprint probing activity. It investigates whether the perceived traffic refers to probing activities and which exact scanning technique is being employed to perform the probing. Further, this work strives to examine probing traffic dimensions to infer the ‘machinery’ of the scan; whether the probing is random or follows a certain predefined pattern; which probing strategy is being employed; and whether the probing activity is generated from a software tool or from a worm/bot. The approach leverages a number of statistical techniques, probabilistic distribution methods and observations in an attempt to understand and analyze probing activities. To prevent evasion, the approach formulates this matter as a change point detection problem that yielded motivating results. Evaluations performed using 55 GB of real darknet traffic show that the extracted inferences exhibit promising accuracy and can generate significant insights that could be used for mitigation purposes.

References (45)
Ryan Prescott Adams, David JC MacKay. Bayesian Online Changepoint Detection. arXiv: Machine Learning (2007).
Vern Paxson, Stuart Staniford, Nicholas Weaver. How to Own the Internet in Your Spare Time. USENIX Security Symposium, pp. 149-167 (2002).
Zhichun Li, Anup Goyal, Yan Chen. Honeynet-based botnet scan traffic analysis. Conference on Botnet Detection - Countering the Largest Security Threat, vol. 36, pp. 25-44 (2008). DOI: 10.1007/978-0-387-68768-1_2
Vinod Yegneswaran, Paul Barford, Dave Plonka. On the Design and Use of Internet Sinks for Network Abuse Monitoring. Recent Advances in Intrusion Detection, pp. 146-165 (2004). DOI: 10.1007/978-3-540-30143-1_8
Michael Bailey, Evan Cooke, Farnam Jahanian, Jose Nazario, David Watson. The Internet Motion Sensor - A Distributed Blackhole Monitoring System. Network and Distributed System Security Symposium (2005).
Stuart Staniford, James A. Hoagland, Joseph M. McAlerney. Practical automated detection of stealthy portscans. Journal of Computer Security, vol. 10, pp. 105-136 (2002). DOI: 10.3233/JCS-2002-101-205
Wei Zhang, Shaohua Teng, Xiufen Fu. Scan attack detection based on distributed cooperative model. Computer Supported Cooperative Work in Design, pp. 743-748 (2008). DOI: 10.1109/CSCWD.2008.4537071
Yoo Chung. Distributed denial of service is a scalability problem. ACM Special Interest Group on Data Communication, vol. 42, pp. 69-71 (2012). DOI: 10.1145/2096149.2096160
Simon Woodhead. Monitoring bad traffic with darknets. Network Security, vol. 2012, pp. 10-14 (2012). DOI: 10.1016/S1353-4858(12)70006-5