Monitoring Network Telescopes and Inferring Anomalous Traffic Through the Prediction of Probing Rates
- Source :
- IEEE Transactions on Network and Service Management, IEEE Transactions on Network and Service Management, 2022, pp.1-1. ⟨10.1109/TNSM.2022.3183497⟩
- Publication Year :
- 2022
- Publisher :
- HAL CCSD, 2022.
Abstract
- International audience; Network reconnaissance is the first step preceding a cyber-attack. Hence, monitoring the probing activities is imperative to help security practitioners enhance their awareness about Internet’s large-scale events or peculiar events targeting their network. In this paper, we present a framework for an improved and efficient monitoring of the probing activities targeting network telescopes. Particularly, we model the probing rates which are a good indicator for measuring the cyber-security risk targeting network services. The approach consists of first inferring groups of network ports sharing similar probing characteristics through a new affinity metric capturing both temporal and semantic similarities between ports. Then, sequences of probing rates targeting similar ports are used as inputs to stacked Long Short-Term Memory (LSTM) neural networks to predict probing rates 1 hour and 1 day in advance. Finally, we describe two monitoring indicators that use the prediction models to infer anomalous probing traffic and to raise early threat warnings. We show that LSTM networks can accurately predict probing rates, outperforming the non-stationary autoregressive model, and we demonstrate that the monitoring indicators are efficient in assessing the cyber-security risk related to vulnerability disclosure.
- Subjects :
- network monitoring and measurements
Computer Networks and Communications
deep learning
security situational awareness
artificial intelligence
unsupervised learning
network telescope
[INFO.INFO-AI]Computer Science [cs]/Artificial Intelligence [cs.AI]
[INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]
machine learning
[INFO.INFO-LG]Computer Science [cs]/Machine Learning [cs.LG]
security management
[INFO]Computer Science [cs]
threat monitoring
Electrical and Electronic Engineering
Details
- Language :
- English
- ISSN :
- 19324537
- Database :
- OpenAIRE
- Journal :
- IEEE Transactions on Network and Service Management, IEEE Transactions on Network and Service Management, 2022, pp.1-1. ⟨10.1109/TNSM.2022.3183497⟩
- Accession number :
- edsair.doi.dedup.....ca895e829a5100db29db99b6ed259494