On detecting and clustering distributed cyber scanning

Authors: Elias Bou-Harb, Mourad Debbabi, Chadi Assi

DOI: 10.1109/IWCMC.2013.6583681

Keywords:

Abstract: This paper proposes an approach composed of two techniques that respectively tackle the issues of detecting corporate cyber scanning and clustering distributed reconnaissance activity. The first technique is based on a non-attribution anomaly detection approach that focuses on what is being scanned rather than on who is performing the scanning. The second technique adopts a statistical time series approach, rendered by observing the correlation status of the traffic signal, to perform the identification and clustering. To empirically validate both techniques, we experiment with two real network datasets and implement two proof-of-concept environments. The first dataset comprises unsolicited one-way telescope/darknet traffic, while the second has been captured in our lab through a customized setup. The results show, on one hand, that for a class C network with 250 active hosts and 5 monitored servers, the proposed detection technique's training period required for stabilization is less than 1 [unit missing] and its state memory is 80 bytes. Moreover, in comparison with Snort's sfPortscan technique, it was able to detect 4215 unique scans and yielded zero false negatives. On the other hand, the proposed clustering technique was able to correctly identify and cluster the scanning machines with high accuracy, even in the presence of legitimate traffic.
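The two ideas in the abstract, target-centric ("non-attribution") scan detection and clustering of distributed scanners by correlating their per-source traffic time series, can be illustrated on a small constructed flow log. The following is an added example written for this page; it is not the authors' code and does not reproduce their actual detection or clustering algorithms. The monitored servers, the training flows, the scanner addresses, the slot layout and the Pearson threshold of 0.8 are all assumptions chosen for the illustration.

```python
"""Added illustration (not the paper's code): target-centric scan detection
plus correlation-based clustering of distributed scanners."""
from collections import defaultdict
from itertools import combinations
from statistics import mean, pstdev

N_SLOTS = 8                          # time slots in the constructed capture
MONITORED = {"10.0.0.1", "10.0.0.2"}  # assumed monitored servers

# Constructed baseline: benign traffic to the monitored servers.
# Each flow is (time_slot, src_ip, dst_ip, dst_port).
TRAINING = [
    (0, "10.0.0.50", "10.0.0.1", 80),
    (0, "10.0.0.51", "10.0.0.1", 443),
    (1, "10.0.0.52", "10.0.0.2", 22),
]


def _probe_flows(src, dst, ports, slots):
    """One probe per slot, each to a different port (constructed data)."""
    return [(slot, src, dst, port) for slot, port in zip(slots, ports)]


# Constructed observation window: a legitimate client, three scanners that
# act in lock-step (a distributed scan) and one unrelated scanner.
LEGIT = [(s, "10.0.0.50", "10.0.0.1", 80)
         for s in range(N_SLOTS) for _ in range(2 if s % 2 == 0 else 1)]
COORDINATED_SLOTS = [1, 2, 5, 6]
FLOWS = (
    LEGIT
    + _probe_flows("192.0.2.10", "10.0.0.1", [21, 23, 25, 110], COORDINATED_SLOTS)
    + _probe_flows("192.0.2.11", "10.0.0.2", [135, 139, 445, 3389], COORDINATED_SLOTS)
    + _probe_flows("192.0.2.12", "10.0.0.1", [8080, 8443, 9000, 9090], COORDINATED_SLOTS)
    + _probe_flows("198.51.100.7", "10.0.0.2", [1433, 3306, 5432, 6379], [0, 3, 4, 7])
)


def build_profile(training):
    """Non-attribution profile: only the (server, port) pairs that were
    legitimately contacted. No per-source state is kept at all."""
    return {(dst, port) for _, _, dst, port in training if dst in MONITORED}


def detect_scans(profile, flows):
    """Flag every flow that targets a monitored server on a pair outside
    the profile. The verdict depends on what is probed, not on who probes."""
    return [f for f in flows
            if f[2] in MONITORED and (f[2], f[3]) not in profile]


def traffic_series(flows, n_slots=N_SLOTS):
    """Per-source time series: flows to monitored servers per slot."""
    series = defaultdict(lambda: [0] * n_slots)
    for slot, src, dst, _ in flows:
        if dst in MONITORED:
            series[src][slot] += 1
    return dict(series)


def pearson(x, y):
    """Pearson correlation; a flat series has no signal and scores 0."""
    sx, sy = pstdev(x), pstdev(y)
    if sx == 0 or sy == 0:
        return 0.0
    mx, my = mean(x), mean(y)
    return sum((a - mx) * (b - my) for a, b in zip(x, y)) / (len(x) * sx * sy)


def cluster_sources(series, threshold=0.8):
    """Group sources whose time series correlate above the threshold
    (union-find over all pairs); each group is one candidate distributed scan."""
    parent = {s: s for s in series}

    def find(s):
        while parent[s] != s:
            parent[s] = parent[parent[s]]
            s = parent[s]
        return s

    for a, b in combinations(series, 2):
        if pearson(series[a], series[b]) >= threshold:
            parent[find(a)] = find(b)
    groups = defaultdict(set)
    for s in series:
        groups[find(s)].add(s)
    return sorted((sorted(g) for g in groups.values()), key=lambda g: g[0])


def analyse(training=TRAINING, flows=FLOWS):
    """Run detection, then cluster every source seen in the window."""
    scans = detect_scans(build_profile(training), flows)
    return scans, cluster_sources(traffic_series(flows))


if __name__ == "__main__":
    scans, clusters = analyse()
    print(f"{len(scans)} probes flagged from {sorted({f[1] for f in scans})}")
    for group in clusters:
        print("cluster:", group)
```

The legitimate client stays in its own cluster because its series does not track the scanners' on/off pattern, and the uncoordinated scanner is flagged by detection but anti-correlated with the lock-step group, so clustering separates it as well. Replacing the Pearson coefficient with a lagged or rank correlation is the natural next step if coordinated scanners are not perfectly synchronised.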
