Conference papers

Internet-Wide Scanners Classification using Gaussian Mixture and Hidden Markov Models

Giulia de Santis (1), Abdelkader Lahmadi (1), Jérôme François (1), Olivier Festor (1)
1 RESIST - Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems
Inria Nancy - Grand Est, LORIA - NSS - Department of Networks, Systems and Services
Abstract: Internet-wide scanners are heavily used for malicious activities. This work models, from the scanned system point of view, spatial and temporal movements of network scanning activities, related to the difference of successive scanned IP addresses and timestamps, respectively. Based on real logs of incoming IP packets collected from a darknet, Hidden Markov Models (HMMs) are used to assess what scanning technique is operating. The proposed methodology, using only one of the aforementioned features of the scanning technique, is able to fingerprint what network scanner originated the perceived darknet traffic.

Cited literature: 17 references
Contributor: Abdelkader Lahmadi
Submitted on: Monday, November 26, 2018 - 10:49:29 PM
Last modification on: Friday, February 4, 2022 - 3:30:42 AM
Long-term archiving on: Wednesday, February 27, 2019 - 3:42:41 PM


Files produced by the author(s)


  • HAL Id: hal-01935664, version 1


Giulia de Santis, Abdelkader Lahmadi, Jérôme François, Olivier Festor. Internet-Wide Scanners Classification using Gaussian Mixture and Hidden Markov Models. NTMS 2018 - 9th IFIP International Conference on New Technologies, Mobility and Security, Feb 2018, Paris, France. ⟨hal-01935664⟩


