The internet is rapidly growing, and with it grows the number of malicious actors. For many attacks, the attacker first scans the internet to detect vulnerable devices. In order to evade detection, the attacker distributes the scanning over a large number of machines. Because attackers are distributing this scanning and there is no way to find these scanners, we have no knowledge of what groups are actually scanning the internet and what they are up to. This thesis proposes a method to identify and fingerprint these distributed scanning groups. It does so in order to detect and analyze slow scanning groups that are actively trying to remain undetected by companies. The data used for this thesis originates from a large network telescope oper...
Current scanning detection algorithms are based on an underlying assumption that scanning activity c...
AbstractThis paper presents a machine learning approach to large-scale monitoring for malicious acti...
International audiencePort scanning is widely used in Internet prior for attacks in order to identif...
Abstract While it is widely known that port scanning is widespread, neither the scanning landscape n...
This thesis focuses on the classification of behavioural aspects of scanners based on unroutable tra...
Careful examination of the composition and concentration of malicious traffic in transit on the chan...
Detecting and investigating intrusive Internet activity is an ever-present challenge for network adm...
While it is widely known that port scanning is widespread, neither the scanning landscape nor the de...
TCP/UDP port scanning or sweeping is one of the most common technique used 3 by attackers to discove...
Scans are often used by adversaries to determine the potential weaknesses in a target network or sys...
AbstractA network telescope is a portion of IP address space dedicated to observing inbound internet...
Prior to exploiting a vulnerable service, adversaries perform a port scan to detect open ports on a ...
Network Telescopes, Internet backbone sampling, IDS and other forms of network-sourced Threat Intell...
Network scanning reveals valuable information of accessible hosts over the Internet and their offere...
International audienceTCP/UDP port scanning or sweeping is one of the most common technique used by ...
Current scanning detection algorithms are based on an underlying assumption that scanning activity c...
AbstractThis paper presents a machine learning approach to large-scale monitoring for malicious acti...
International audiencePort scanning is widely used in Internet prior for attacks in order to identif...
Abstract While it is widely known that port scanning is widespread, neither the scanning landscape n...
This thesis focuses on the classification of behavioural aspects of scanners based on unroutable tra...
Careful examination of the composition and concentration of malicious traffic in transit on the chan...
Detecting and investigating intrusive Internet activity is an ever-present challenge for network adm...
While it is widely known that port scanning is widespread, neither the scanning landscape nor the de...
TCP/UDP port scanning or sweeping is one of the most common technique used 3 by attackers to discove...
Scans are often used by adversaries to determine the potential weaknesses in a target network or sys...
AbstractA network telescope is a portion of IP address space dedicated to observing inbound internet...
Prior to exploiting a vulnerable service, adversaries perform a port scan to detect open ports on a ...
Network Telescopes, Internet backbone sampling, IDS and other forms of network-sourced Threat Intell...
Network scanning reveals valuable information of accessible hosts over the Internet and their offere...
International audienceTCP/UDP port scanning or sweeping is one of the most common technique used by ...
Current scanning detection algorithms are based on an underlying assumption that scanning activity c...
AbstractThis paper presents a machine learning approach to large-scale monitoring for malicious acti...
International audiencePort scanning is widely used in Internet prior for attacks in order to identif...