Exploratory Data Analysis of a Network Telescope Traffic and Prediction of Port Probing Rates

Add code
Dec 23, 2018
Mehdi Zakroum, Abdellah Houmz, Mounir Ghogho, Ghita Mezzour, Abdelkader Lahmadi, Jérôme François, Mohammed El Koutbi
Figure 1 for Exploratory Data Analysis of a Network Telescope Traffic and Prediction of Port Probing Rates
Figure 2 for Exploratory Data Analysis of a Network Telescope Traffic and Prediction of Port Probing Rates
Figure 3 for Exploratory Data Analysis of a Network Telescope Traffic and Prediction of Port Probing Rates
Figure 4 for Exploratory Data Analysis of a Network Telescope Traffic and Prediction of Port Probing Rates

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

Understanding the properties exhibited by large scale network probing traffic would improve cyber threat intelligence. In addition, the prediction of probing rates is a key feature for security practitioners in their endeavors for making better operational decisions and for enhancing their defense strategy skills. In this work, we study different aspects of the traffic captured by a /20 network telescope. First, we perform an exploratory data analysis of the collected probing activities. The investigation includes probing rates at the port level, services interesting top network probers and the distribution of probing rates by geolocation. Second, we extract the network probers exploration patterns. We model these behaviors using transition graphs decorated with probabilities of switching from a port to another. Finally, we assess the capacity of Non-stationary Autoregressive and Vector Autoregressive models in predicting port probing rates as a first step towards using more robust models for better forecasting performance.

* IEEE Intelligence and Security Informatics  
View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon