3 research outputs found

    Knowledge Discovery of Port Scans from Darknet

    Port scanning is widely used on the Internet prior to attacks in order to identify accessible and potentially vulnerable hosts. In this work, we propose an approach that makes it possible to discover port scanning behavior patterns and group properties of port scans. This approach is based on graph modelling and graph mining. It provides security analysts with relevant information about which services are jointly targeted and the relationships between the scanned ports. This is helpful to assess the skills and strategy of the attacker. We applied our method to data collected from a large darknet, i.e. a full /20 network where no machines or services are or have been hosted, to study scanning activities.

    Deep Mining Port Scans from Darknet

    TCP/UDP port scanning or sweeping is one of the most common techniques used by attackers to discover accessible and potentially vulnerable hosts and applications. Although extracting and distinguishing different port scanning strategies is a challenging task, the identification of dependencies among probed ports is primordial for profiling attacker behaviors, with the final goal of better mitigating them. In this paper, we propose an approach that makes it possible to track port scanning behavior patterns among multiple probed ports and identify intrinsic properties of observed groups of ports. Our method is fully automated and based on graph modeling and data mining techniques, including text mining. It provides security analysts and operators with relevant information about services that are jointly targeted by attackers. This is helpful to assess the strategy of the attacker, such as understanding the types of applications or environment she targets. We applied our method to data collected through a large Internet telescope (or Darknet).

    Ragnar: a Pentest tool for Internet of Things devices

    Undergraduate thesis, Universidade de Brasília, Institute of Exact Sciences, Department of Computer Science, 2017. The Internet of Things is regarded as the new paradigm of computer systems. It provides a better integration between devices and users and makes it easier to obtain data for several areas. With the premise that everything can be connected, it enables previously difficult services to be provided and allows a breakthrough in the connection between devices. However, the presence of these interconnected devices in the extraction of critical or personal information ends up being constant and it becomes necessary to guarantee the security implemented to avoid data leakage. This study therefore provides an analysis of the major security problems reported for this paradigm and proposes a tool that performs penetration tests with the purpose of ensuring that vulnerabilities are being addressed. The tool is expected to meet the demand for more accurate testing and to be continually updated as the scenarios change.