Title
Modeling of IP Scanning Activities with Hidden Markov Models: Darknet Case Study
Abstract
We propose a methodology based on Hidden Markov Models (HMMs) to model scanning activities monitored by a darknet. The HMMs of scanning activities are built on the basis of the number of scanned IP addresses within a time window and fitted using mixtures of Poisson distributions. Our methodology is applied to real data traces collected from a darknet and generated by two large-scale scanners, ZMap and Shodan. We demonstrate that the built models are able to characterize their scanning activities.
Year
2016
DOI
10.1109/NTMS.2016.7792461
Venue
2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS)
Keywords
IP scanning activity modeling, hidden Markov models, HMM, darknet case study, IP address scanning, Poisson distributions, data traces, ZMap, Shodan
Field
Markov process, Darknet, Computer science, Artificial intelligence, Poisson distribution, Hidden Markov model, Machine learning, The Internet
DocType
Conference
ISBN
978-1-5090-2915-0
Citations
0
PageRank
0.34
References
5
Authors
4
Name
Order
Citations
PageRank
Giulia De Santis120.72
Abdelkader Lahmadi29018.46
Jérôme François3161.38
Olivier Festor466585.40