Modeling of IP scanning activities with Hidden Markov Models: Darknet case study

Abstract: We propose a methodology based on Hidden Markov Models (HMMs) to model scanning activities monitored by a darknet. The HMMs of scanning activities are built on the basis of the number of scanned IP addresses within a time window and fitted using mixtures of Poisson distributions. Our methodology is applied to real data traces collected from a darknet and generated by two large-scale scanners, ZMap and Shodan. We demonstrated that the built models are able to characterize their scanning activities.
Document type:
Conference paper
8th IFIP International Conference on New Technologies, Mobility and Security, Nov 2016, Larnaca, Cyprus. International Conference on New Technologies, Mobility and Security (NTMS). 〈http://www.ntms-conf.org/ntms2016/〉
Cited literature [12 references]

https://hal.inria.fr/hal-01404127
Contributor: Jérôme François
Submitted on: Monday, November 28, 2016 - 13:46:42
Last modified on: Monday, April 9, 2018 - 15:05:45
Document(s) archived on: Tuesday, March 21, 2017 - 11:32:12

File

NTMS2016.pdf
Files produced by the author(s)

Identifiers

  • HAL Id: hal-01404127, version 1

Citation

Giulia De Santis, Abdelkader Lahmadi, Jerome Francois, Olivier Festor. Modeling of IP scanning activities with Hidden Markov Models: Darknet case study. 8th IFIP International Conference on New Technologies, Mobility and Security, Nov 2016, Larnaca, Cyprus. International Conference on New Technologies, Mobility and Security (NTMS). 〈http://www.ntms-conf.org/ntms2016/〉. 〈hal-01404127〉

Metrics

Record views

424

File downloads

206