Capture and Study of Attackers in Darknet

Manobala Nirmala 1
1 MADYNES - Management of dynamic networks and services
LORIA - NSS - Department of Networks, Systems and Services, Inria Nancy - Grand Est
Abstract : In this report, we detail the analysis of data captured from network telescopes deployed in Nancy and Tokyo that is to be indexed in a distributed search engine. A visual statistical analysis is performed on the indexed data and then the data is characterized to find network scan attacks. Dynamic adaptive clustering technique is used to detect scan attacks like IP sweep and port sweep in network data, which are later further categorized into sub types based on the cluster type. The data derived from visualizations of the indexed network data is compared against the attacks detected using the clustering algorithm, to detect similarities between them, if available. Additionally, results were analyzed to check if attacks spread over a long period of time could be detected using clustering. Then from the derived analytics the most frequently targeted ports are extracted for both Nancy and Tokyo to provide an overview of the targeted services running on those ports.A comprehensive comparative analysis is made to determine more information about the geographical variance in attack patterns between the network data gathered in Nancy and Tokyo.
Complete list of metadatas

https://hal.inria.fr/hal-01244875
Contributor : Jérôme François <>
Submitted on : Wednesday, December 16, 2015 - 1:21:22 PM
Last modification on : Tuesday, February 5, 2019 - 2:46:01 PM

Identifiers

  • HAL Id : hal-01244875, version 1

Collections

Citation

Manobala Nirmala. Capture and Study of Attackers in Darknet. [Intership report] Université de Lorraine. 2015. ⟨hal-01244875⟩

Share

Metrics

Record views

139