A Time Series Approach for Inferring Orchestrated Probing Campaigns by Analyzing Darknet Traffic

Authors: Elias Bou-Harb, Mourad Debbabi, Chadi Assi

DOI: 10.1109/ARES.2015.9

Abstract: This paper aims at inferring probing campaigns by investigating dark net traffic. The latter events refer to a new phenomenon of reconnaissance activities that are distinguished by their orchestration patterns. The objective is to provide a systematic methodology to infer, in a prompt manner, whether or not the perceived packets belong to an orchestrated campaign. Additionally, the methodology could be easily leveraged to generate network traffic signatures to facilitate capturing incoming packets as belonging to the same inferred campaign. Indeed, this would be utilized for early cyber attack warning and notification as well as for simplified analysis and tracking of such events. To realize such goals, the proposed approach models this challenging task as a problem of interpolating and predicting time series with missing values. By initially employing trigonometric interpolation and subsequently executing state space modeling in conjunction with a time-varying window algorithm, the approach is able to pinpoint campaigns by only monitoring a few flows. We empirically evaluate the effectiveness of the model using 330 GB of real data. By comparing the outcome with previously validated work, the results indeed demonstrate the promptness and accuracy of the approach.
