Capture and Study of Attackers in Darknet

Manobala Nirmala 1
1 MADYNES - Management of dynamic networks and services
Inria Nancy - Grand Est, LORIA - NSS - Department of Networks, Systems and Services
Abstract : In this report, we detail the analysis of data captured from network telescopes deployed in Nancy and Tokyo that is to be indexed in a distributed search engine. A visual statistical analysis is performed on the indexed data and then the data is characterized to find network scan attacks. Dynamic adaptive clustering technique is used to detect scan attacks like IP sweep and port sweep in network data, which are later further categorized into sub types based on the cluster type. The data derived from visualizations of the indexed network data is compared against the attacks detected using the clustering algorithm, to detect similarities between them, if available. Additionally, results were analyzed to check if attacks spread over a long period of time could be detected using clustering. Then from the derived analytics the most frequently targeted ports are extracted for both Nancy and Tokyo to provide an overview of the targeted services running on those ports.A comprehensive comparative analysis is made to determine more information about the geographical variance in attack patterns between the network data gathered in Nancy and Tokyo.
Type de document :
[Intership report] Université de Lorraine. 2015
Liste complète des métadonnées
Contributeur : Jérôme François <>
Soumis le : mercredi 16 décembre 2015 - 13:21:22
Dernière modification le : mardi 18 décembre 2018 - 16:26:02


  • HAL Id : hal-01244875, version 1



Manobala Nirmala. Capture and Study of Attackers in Darknet. [Intership report] Université de Lorraine. 2015. 〈hal-01244875〉



Consultations de la notice