Exploratory Data Analysis of a Network Telescope Traffic and Prediction of Port Probing Rates

Abstract : Understanding the properties exhibited by large-scale network probing traffic would improve cyber threat intelligence. In addition, the prediction of probing rates is a key capability for security practitioners seeking to make better operational decisions and to strengthen their defense strategies. In this work, we study different aspects of the traffic captured by a /20 network telescope. First, we perform an exploratory data analysis of the collected probing activities. The investigation covers probing rates at the port level, the services that interest the top network probers, and the distribution of probing rates by geolocation. Second, we extract the network probers' exploration patterns. We model these behaviors using transition graphs annotated with the probabilities of switching from one port to another. Finally, we assess the capacity of Non-stationary Autoregressive and Vector Autoregressive models to predict port probing rates, as a first step towards using more robust models for better forecasting performance.
Document type :
Conference papers

https://hal.inria.fr/hal-01947984
Contributor : Jérôme François
Submitted on : Friday, December 7, 2018 - 12:54:24 PM
Last modification on : Thursday, February 7, 2019 - 4:58:40 PM
Long-term archiving on : Friday, March 8, 2019 - 2:36:59 PM

File

main.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-01947984, version 1

Citation

Mehdi Zakroum, Abdellah Houmz, Mounir Ghogho, Ghita Mezzour, Abdelkader Lahmadi, et al.. Exploratory Data Analysis of a Network Telescope Traffic and Prediction of Port Probing Rates. ISI 2018 - IEEE Intelligence and Security Informatics, Nov 2018, Miami, United States. ⟨hal-01947984⟩
