Internet-Wide Scanners Classification using Gaussian Mixture and Hidden Markov Models
作者: Giulia De Santis , Abdelkader Lahmadi , Jerome Francois , Olivier Festor
DOI: 10.1109/NTMS.2018.8328698
关键词:
摘要: Internet-wide scanners are heavily used for malicious activities. This work models, from the scanned system point of view, spatial and temporal movements Network Scanning Activities (NSAs), related to difference successive IP addresses timestamps, respectively. Based on real logs incoming packets collected a darknet, Hidden Markov Models (HMMs) assess what scanning tool is operating. The proposed methodology, using only one aforementioned features tool, able fingerprint network scanner originated perceived darknet traffic.
sci-hub.se 参考文章(15)
Carrie Gates, Coordinated Scan Detection. network and distributed system security symposium. ,(2009)
Zakir Durumeric, Michael Bailey, J Alex Halderman, None, An internet-wide view of internet-wide scanning usenix security symposium. pp. 65- 78 ,(2014)
Ping Chen, Lieven Desmet, Christophe Huygens, A Study on Advanced Persistent Threats international conference on communications. pp. 63- 72 ,(2014) , 10.1007/978-3-662-44885-4_5
Anna Sperotto, Ramin Sadre, Pieter-Tjerk de Boer, Aiko Pras, Hidden Markov Model Modeling of SSH Brute-Force Attacks distributed systems operations and management. pp. 164- 176 ,(2009) , 10.1007/978-3-642-04989-7_13
Hans-Peter Kriegel, Martin Ester, Jörg Sander, Xiaowei Xu, A density-based algorithm for discovering clusters in large spatial Databases with Noise knowledge discovery and data mining. pp. 226- 231 ,(1996)
Roland Bodenheim, Jonathan Butts, Stephen Dunlap, Barry Mullins, Evaluation of the ability of the Shodan search engine to identify Internet-facing industrial control devices International Journal of Critical Infrastructure Protection. ,vol. 7, pp. 114- 123 ,(2014) , 10.1016/J.IJCIP.2014.03.001
L. R. Rabiner, B. H. Juang, Hidden Markov models for speech recognition Technometrics. ,vol. 33, pp. 251- 272 ,(1991) , 10.2307/1268779
Andrew C. Berry, The accuracy of the Gaussian approximation to the sum of independent variates Transactions of the American Mathematical Society. ,vol. 49, pp. 122- 136 ,(1941) , 10.1090/S0002-9947-1941-0003498-3
D. Ourston, S. Matzner, W. Stump, B. Hopkins, Applications of hidden Markov models to detecting multi-stage network attacks hawaii international conference on system sciences. pp. 334- ,(2003) , 10.1109/HICSS.2003.1174909
L. Rabiner, B. Juang, An introduction to hidden Markov models IEEE ASSP Magazine. ,vol. 3, pp. 4- 16 ,(1986) , 10.1109/MASSP.1986.1165342