Reference : Deep mining port scans from darknet
Scientific journals : Article
Engineering, computing & technology : Computer science
Computational Sciences
Deep mining port scans from darknet
Lagraa, Sofiane mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Chen, Yutian []
François, Jérôme []
International Journal of Network Management
John Wiley & Sons
Yes (verified by ORBilu)
[en] data mining ; darknet ; port scans ; graph ; text mining
[en] TCP/UDP port scanning or sweeping is one of the most common technique used 3 by attackers to discover accessible and potentially vulnerable hosts and applications. Although extracting and distinguishing different port scanning strategies is a challenging task, the identification of dependencies among probed ports is primordial for profiling attacker behaviors, with a final goal of better mitigating them. In this paper, we propose an approach that allows to track port scanning behavior patterns among multiple probed ports and identify intrinsic properties of observed group of orts. Our method is fully automated based on graph modeling and data mining techniques, including text mining. It provides to security analysts and operators relevant information about services that are jointly targeted by attackers. This is helpful to assess the strategy of the attacker by understanding the types of applications or environment he or she targets. We applied our method to data collected through a large Internet telescope (or darknet).
NATO ; Bpifrance ; Region Grand Est

File(s) associated to this reference

Fulltext file(s):

Limited access
document.pdfPublisher postprint1.3 MBRequest a copy

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.