Modeling of IP scanning activities with Hidden Markov Models: Darknet case study

Conference object English OPEN
De Santis, Giulia; Lahmadi, Abdelkader; Francois, Jerome; Festor, Olivier
  • Publisher: HAL CCSD
  • Subject: [INFO.INFO-NI] Computer Science [cs]/Networking and Internet Architecture [cs.NI] | Hidden Markov Models | Network scanning | Poisson distribution models | ZMap | HMMs | Shodan

International audience; We propose a methodology based on Hidden Markov Models (HMMs) to model scanning activities monitored by a darknet. The HMMs of scanning activities are built on the basis of the number of scanned IP addresses within a time window and fitted using ...