Abstract | ||
---|---|---|
We propose a methodology based on Hidden Markov Models (HMMs) to model scanning activities monitored by a darknet. The HMMs of scanning activities are built on the basis of the number of scanned IP addresses within a time window and fitted using mixtures of Poisson distributions. Our methodology is applied on real data traces collected from a darknet and generated by two large scale scanners, ZMap and Shodan. We demonstrated that the built models are able to characterize their scanning activities. |
Year | DOI | Venue |
---|---|---|
2016 | 10.1109/NTMS.2016.7792461 | 2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS) |
Keywords | Field | DocType |
IP scanning activity modeling,hidden Markov models,HMM,darknet case study,IP address scanning,Poisson distributions,data traces,ZMap,Shodan | Markov process,Darknet,Computer science,Artificial intelligence,Poisson distribution,Hidden Markov model,Machine learning,The Internet | Conference |
ISBN | Citations | PageRank |
978-1-5090-2915-0 | 0 | 0.34 |
References | Authors | |
5 | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Giulia De Santis | 1 | 2 | 0.72 |
Abdelkader Lahmadi | 2 | 90 | 18.46 |
Jérôme François | 3 | 16 | 1.38 |
Olivier Festor | 4 | 665 | 85.40 |