Title
Deep mining port scans from darknet
Abstract
TCP/UDP port scanning or sweeping is one of the most common techniques used by attackers to discover accessible and potentially vulnerable hosts and applications. Although extracting and distinguishing different port scanning strategies is a challenging task, identifying dependencies among probed ports is essential for profiling attacker behaviors, with the final goal of better mitigating them. In this paper, we propose an approach that tracks port scanning behavior patterns among multiple probed ports and identifies intrinsic properties of the observed groups of ports. Our method is fully automated and based on graph modeling and data mining techniques, including text mining. It provides security analysts and operators with relevant information about services that are jointly targeted by attackers. This helps to assess the attacker's strategy by understanding the types of applications or environments he or she targets. We applied our method to data collected through a large Internet telescope (or darknet).

This paper targets multiple goals. The first is to make progress in developing a unified approach to measuring the similarity of ports from official source descriptions using text mining techniques. The second is to leverage data mining techniques on darknet data to discover new port scan strategies performed over time, in vertical scans as well as in horizontal scans. Third, it provides security analysts and operators with relevant information about services that are jointly targeted by attackers.
Year: 2019
DOI: 10.1002/nem.2065
Venue: Periodicals
Field: Computer science, Darknet, Computer network
DocType: Journal
Volume: 29
Issue: 3
ISSN: 1099-1190
Citations: 1
PageRank: 0.36
References: 8
Authors: 4
Name              Order   Citations   PageRank
Sofiane Lagraa    1       28          7.48
Yutian Chen       2       1           0.36
Jérôme François   3       170         21.81
Jérôme François   4       170         21.81