Detecting the impact of software vulnerability on attacks: A case study of network telescope scans

Houmz, Abdellah; Mezzour, Ghita; Zkik, Karim; Ghogho, Mounir; Benbrahim, Houda

doi:10.1016/j.jnca.2021.103230

Cited by 6 publications

(2 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [16], the authors studied the impact of vulnerabilities on the volume of scans. They designed machine learning models to predict the impact of vulnerabilities, and they show that, by leveraging a set of features characterizing a vulnerability, they can accurately predict whether or not it will imply an increase in the volume of scans after its disclosure.…”

Section: Related Workmentioning

confidence: 99%

Monitoring Network Telescopes and Inferring Anomalous Traffic Through the Prediction of Probing Rates

Zakroum

Jérôme

Chrisment

et al. 2022

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

Network reconnaissance is the first step preceding a cyber-attack. Hence, monitoring the probing activities is imperative to help security practitioners enhancing their awareness about Internet's large-scale events or peculiar events targeting their network. In this paper, we present a framework for an improved and efficient monitoring of the probing activities targeting network telescopes. Particularly, we model the probing rates which are a good indicator for measuring the cyber-security risk targeting network services. The approach consists of first inferring groups of network ports sharing similar probing characteristics through a new affinity metric capturing both temporal and semantic similarities between ports. Then, sequences of probing rates targeting similar ports are used as inputs to stacked Long Short-Term Memory (LSTM) neural networks to predict probing rates 1 hour and 1 day in advance. Finally, we describe two monitoring indicators that use the prediction models to infer anomalous probing traffic and to raise early threat warnings. We show that LSTM networks can accurately predict probing rates, outperforming the nonstationary autoregressive model, and we demonstrate that the monitoring indicators are efficient in assessing the cyber-security risk related to vulnerability disclosure.

show abstract

Section: Related Workmentioning

confidence: 99%

Monitoring Network Telescopes and Inferring Anomalous Traffic Through the Prediction of Probing Rates

Zakroum

Jérôme

Chrisment

et al. 2022

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

show abstract

“…Analysing of these four dimensions, the real overseas attacks can be identified and the credibility of attack data can be improved. By observation, the real attack form on the sensing system are mainly SQL injection, XSS attack [9, 11], network scanning [4], sensitive information disclosure, host detection, file upload, permission bypass, directory traversal and so on [12]. It is notice that the high efficiency of security tactics contains effectiveness, fast convergence, and low error blocking rate.…”

Section: Introductionmentioning

confidence: 99%

Network Attack Model and Security Strategy Optimization Based on Defense System

Liu,

Fan,

et al. 2023

View full text Add to dashboard Cite

Recently, the situation of network security is becoming more and more serious, and the attacks on key information systems are more frequent. Predicting attackers and attack behavior accurately and efficiently is the key to ensure system network security. In our work, the company's cloud firewall (FW), Intranet firewall and situational awareness (SA) system were used to collect and analyze the data of overseas attacks on the company's key information system in the recent quarter. Furthermore, we first establish a mathematical model of the network attack based on the dynamic theory. It is fantastic that the theory fits in well with the practice so that we can employ the model created by the oscillation theory to forecast the circumstance precisely. In particular, we optimize the security strategy correspondingly to make the number of overseas attacks converge tremendously and achieve efficient blocking, when the production and operation of the enterprise keep undertaking ordinarily with little error banning.

show abstract

Emphasizing the Relationship between Scans and Exploits Events’ Data: An Exploratory Data Analysis Over Time

Houmz,

Cherqi,

Zkik

et al. 2023

Communications in Computer and Information Science

View full text Add to dashboard Cite

Detecting the impact of software vulnerability on attacks: A case study of network telescope scans

Cited by 6 publications

References 30 publications

Monitoring Network Telescopes and Inferring Anomalous Traffic Through the Prediction of Probing Rates

Monitoring Network Telescopes and Inferring Anomalous Traffic Through the Prediction of Probing Rates

Network Attack Model and Security Strategy Optimization Based on Defense System

Emphasizing the Relationship between Scans and Exploits Events’ Data: An Exploratory Data Analysis Over Time

Contact Info

Product

Resources

About