A Statistical Approach for Fingerprinting Probing Activities

Authors: Elias Bou-Harb, Mourad Debbabi, Chadi Assi

DOI: 10.1109/ARES.2013.9

Abstract: Probing is often the primary stage of an intrusion attempt that enables an attacker to remotely locate, target, and subsequently exploit vulnerable systems. This paper attempts to investigate whether the perceived traffic refers to probing activities and which exact scanning technique is being employed to perform the probing. Further, this work strives to examine probing traffic dimensions to infer the 'machinery' of the scan: whether the probing activity is generated from a software tool or from a worm/botnet, and whether the probing is random or follows a certain predefined pattern. Motivated by recent cyber attacks that were facilitated through probing, the limited cyber security intelligence related to the mentioned inferences, and the lack of accuracy provided by scanning detection systems, this paper presents a new approach to fingerprint probing activity. The approach leverages a number of statistical techniques, probabilistic distribution methods and observations in an attempt to understand and analyze probing activities. To prevent evasion, the approach formulates this matter as a change point detection problem that yielded motivating results. Evaluations performed using 55 GB of real darknet traffic show that the extracted inferences exhibit promising accuracy and can generate significant insights that could be used for mitigation purposes.
