Knowledge Discovery of Port Scans from Darknet

Sofiane Lagraa 1, Jerome Francois 1
1 MADYNES - Management of dynamic networks and services
Inria Nancy - Grand Est, LORIA - NSS - Department of Networks, Systems and Services
Abstract : Port scanning is widely used on the Internet prior to attacks in order to identify accessible and potentially vulnerable hosts. In this work, we propose an approach for discovering port scanning behavior patterns and group properties of port scans. This approach is based on graph modelling and graph mining. It provides security analysts with relevant information about which services are jointly targeted and the relationships between the scanned ports. This is helpful for assessing the skills and strategy of the attacker. We applied our method to data collected from a large darknet, i.e. a full /20 network where no machines or services are or have been hosted, to study scanning activities.
Document type :
Conference papers

Contributor : Jérôme François
Submitted on : Thursday, November 16, 2017 - 12:08:11 PM
Last modification on : Thursday, February 7, 2019 - 4:53:22 PM
Long-term archiving on : Saturday, February 17, 2018 - 1:22:22 PM




  • HAL Id : hal-01636215, version 1


Sofiane Lagraa, Jerome Francois. Knowledge Discovery of Port Scans from Darknet. IFIP/IEEE Symposium on Integrated Network and Service Management (IM) - AnNet workshop, May 2017, Lisbonne, Portugal. ⟨hal-01636215⟩


