Knowledge discovery of port scans from darknet

Lagraa, Sofiane; Jérôme, François

doi:10.23919/inm.2017.7987415

Cited by 24 publications

(15 citation statements)

References 14 publications

(16 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In van Riel and Irwin, the authors presented an animated 3‐D scatter plot visualization of port scanning on darknet data. Lagraa and François presented the discovery of vertical port scans from Darknet. They performed a deep analysis of port scan‐based attacks by proposing a graph model‐based approach to analyze/understand them.…”

Section: Background and Related Workmentioning

confidence: 99%

“…The originality of our approach compared with the related works is that first, it focuses on a specific problem, which is a port scanning, by extending a previous work . We aim to provide a generic and automatic port scanning profiling approach over darknet data.…”

Section: Background and Related Workmentioning

confidence: 99%

“…Which are the group of ports commonly targeted? In another way, the time series of distinct source IP addresses per destination port is a better indicator than packet rates …”

Section: Port‐scan Graph Model Instantiationmentioning

confidence: 99%

“…The present work is an extension of our previous work by defining a port similarity, automatic port tagging, and performing a deep mining over darknet data.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Deep mining port scans from darknet

2019

Self Cite

View full text Add to dashboard Cite

TCP/UDP port scanning or sweeping is one of the most common technique used by attackers to discover accessible and potentially vulnerable hosts and applications. Although extracting and distinguishing different port scanning strategies is a challenging task, the identification of dependencies among probed ports is primordial for profiling attacker behaviors, with a final goal of better mitigating them. In this paper, we propose an approach that allows to track port scanning behavior patterns among multiple probed ports and identify intrinsic properties of observed group of ports. Our method is fully automated based on graph modeling and data mining techniques, including text mining.It provides to security analysts and operators relevant information about services that are jointly targeted by attackers. This is helpful to assess the strategy of the attacker by understanding the types of applications or environment he or she targets. We applied our method to data collected through a large Internet telescope (or darknet).

show abstract

Section: Background and Related Workmentioning

confidence: 99%

Section: Background and Related Workmentioning

confidence: 99%

“…Which are the group of ports commonly targeted? In another way, the time series of distinct source IP addresses per destination port is a better indicator than packet rates …”

Section: Port‐scan Graph Model Instantiationmentioning

confidence: 99%

“…The present work is an extension of our previous work by defining a port similarity, automatic port tagging, and performing a deep mining over darknet data.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Deep mining port scans from darknet

2019

Self Cite

View full text Add to dashboard Cite

show abstract

“…Here, a swift reaction on threats in communication infrastructures is crucial for proper operation of networks, e.g., as shown in case of distributed denial of service attacks (Lagraa and Francois 2017). Detecting a possible threat early, e.g., a spreading malware, unauthorized access to resources, or malfunction of individual devices in a network, helps to mitigate or prevent negative impact on network performance or reduces downtime of services.…”

Section: Introductionmentioning

confidence: 99%

An evolutionary hybrid search heuristic for monitor placement in communication networks

et al. 2019

View full text Add to dashboard Cite

In this paper, a heuristic method for the optimal placement of monitors in communication networks is proposed. In order to be able to make informed decisions, a first step towards securing a communication network is deploying an adequate sensor infrastructure. However, appropriate monitoring should take into account the priority of the communication links as well as the location of monitors. The goal is to cover the whole network with the minimum investment and impact on performance, i.e., the optimal amount and positions of monitors in the network. In order to be able to counteract dynamic changes in those networks, e.g., link failures, attacks, or entering and leaving nodes, this work focuses on swiftly obtaining results having an acceptable quality. To achieve this goal, an effective hybrid search heuristic is introduced, combining the computational efficiency of a greedy local search method with the robustness of evolution-based heuristics. It is shown that this approach works well on synthetic benchmark instances and real-world network models, having up to millions of nodes, by comparing the performance of a common evolutionary algorithm (EA) to its hybrid search counterparts. It is observed that the hybrid search heuristics produce good solutions on the instances under study in a reasonable amount of time. Regarding the fitness of the solutions found, the hybrid approach outperforms the common EA in all the experiments. Moreover, on all problem instances, the hybrid EA finds the best solutions significantly earlier in the search process, which is key when monitoring a communication infrastructure which is subject to change.

show abstract

Variable neighborhood search approach with intensified shake for monitor placement

Casado

Mladenović²,

Sánchez‐Oro

et al. 2022

Networks

View full text Add to dashboard Cite

Several problems are emerging in the context of communication networks and most of them must be solved in reduced computing time since they affect to critical tasks. In this research, the monitor placement problem is tackled. This problem tries to cover the communications of an entire network by locating a monitor in specific nodes of the network, in such a way that every link remains surveyed. In case that a solution cannot be generated in the allowed computing time, a penalty will be assumed for each link uncovered. The problem is addressed by considering the variable neighborhood search framework, proposing a novel constructive method, an intelligent local search to optimize the improvement phase, and an intensified shake to guide the search to more promising solutions. The proposed algorithm is compared with a hybrid search evolutionary algorithm over a set of instances derived from real-life networks to prove its performance.

show abstract

Knowledge discovery of port scans from darknet

Cited by 24 publications

References 14 publications

Deep mining port scans from darknet

Deep mining port scans from darknet

An evolutionary hybrid search heuristic for monitor placement in communication networks

Variable neighborhood search approach with intensified shake for monitor placement

Contact Info

Product

Resources

About