References of "International Journal of Network Management"
Peer Reviewed
Deep mining port scans from darknet
Lagraa, Sofiane UL; Chen, Yutian; François, Jérôme

in International Journal of Network Management (2019)

TCP/UDP port scanning or sweeping is one of the most common techniques used by attackers to discover accessible and potentially vulnerable hosts and applications. Although extracting and distinguishing different port scanning strategies is a challenging task, identifying the dependencies among probed ports is essential for profiling attacker behaviors, with the final goal of better mitigating them. In this paper, we propose an approach that tracks port scanning behavior patterns across multiple probed ports and identifies intrinsic properties of an observed group of ports. Our method is fully automated and based on graph modeling and data mining techniques, including text mining. It provides security analysts and operators with relevant information about services that are jointly targeted by attackers. This helps to assess the attacker's strategy by understanding the types of applications or environments he or she targets. We applied our method to data collected through a large Internet telescope (or darknet).

Peer Reviewed
On the design and performance evaluation of automatic traffic report generation systems with huge data volumes
Vega Moreno, Carlos Gonzalo UL; Miravalls Sierra, Eduardo; Julián Moreno, Guillermo et al

in International Journal of Network Management (2018), 28(6), 2044

In this paper, we analyze the performance issues involved in the generation of automated traffic reports for large IT infrastructures. Such reports allow the IT manager to proactively detect possible abnormal situations and roll out the corresponding corrective actions. With the ever-increasing bandwidth of current networks, the design of automated traffic report generation systems is very challenging. In a first step, the huge volumes of collected traffic are transformed into enriched flow records obtained from diverse collectors and dissectors. Then, such flow records, along with time series obtained from the raw traffic, are further processed to produce a usable report. As will be shown, the data volume in flow records turns out to be very large as well and requires careful selection of the key performance indicators (KPIs) to be included in the report. In this regard, we discuss the use of high-level languages versus low-level approaches, in terms of speed and versatility. Furthermore, our design approach targets rapid development on commodity hardware, which is essential to cost-effectively tackle demanding traffic analysis scenarios. The paper shows the feasibility of delivering a large number of KPIs, as detailed later, for several TBytes of traffic per day using a commodity hardware architecture and high-level languages.
