Abstract
As web services have gone mainstream, incident diagnosis has become a vital tool for reducing service downtime and guaranteeing high service reliability. Telemetry data can be collected in many forms, including time series and incident sequence data. Correlation analysis techniques are significant tools that cyber security experts use for incident diagnosis. Despite their importance, little research has been done on correlating two forms of data streams for incident diagnosis: continuous time series data and temporal event data. In this study, we propose an approach for evaluating the correlation between scanning campaigns and exploit publication events. Using an events' effect detection method, we investigate the relationship between network scans and exploit publication. We use an exploits dataset that contains information about cyber events and the items they affect, together with a dataset of network scans collected from two network telescopes. We found that the ratio of exploits related to an increase in network scans can go up to 25% and changes depending on various factors, such as the platform and the type of the exploited service.
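As an added illustration of the before/after comparison the abstract describes (example code written for this page, not the authors' implementation), the block below compares a daily scan-count series in a window before and after each exploit publication date and reports the share of events followed by a significant rise, grouped by platform or service. The five-day windows, Welch's t statistic and the 2.0 cut-off are assumptions, and the scan counts and events are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from math import sqrt
from statistics import mean, variance

@dataclass(frozen=True)
class ExploitEvent:
    day: int        # index into the daily scan-count series
    platform: str
    service: str

def welch_t(before, after):
    """Welch's t statistic of the after-minus-before mean shift."""
    denom = sqrt(variance(before) / len(before) + variance(after) / len(after))
    diff = mean(after) - mean(before)
    if denom == 0:  # two constant windows: the sign of the shift decides
        return float("inf") if diff > 0 else 0.0
    return diff / denom

def scans_rose_after(series, day, window=5, t_threshold=2.0):
    """True if the window after `day` is significantly higher than the one before;
    None if the series is too short. The cut-off 2.0 (~one-sided alpha 0.05) is assumed."""
    if day < window or day + window > len(series):
        return None
    return welch_t(series[day - window:day], series[day:day + window]) > t_threshold

def increase_ratio_by(series, events, key, window=5, t_threshold=2.0):
    """Share of exploit events followed by a scan increase, grouped by `key`
    ('platform' or 'service'); events without enough data are skipped."""
    rose, seen = defaultdict(int), defaultdict(int)
    for ev in events:
        verdict = scans_rose_after(series, ev.day, window, t_threshold)
        if verdict is None:
            continue
        group = getattr(ev, key)
        seen[group] += 1
        rose[group] += int(verdict)
    return {g: rose[g] / seen[g] for g in seen}

# Constructed 30-day scan-count series: a burst starting on day 10, flat otherwise.
SCANS = [10, 11, 9, 10, 12, 9, 11, 10, 12, 8,
         38, 42, 40, 41, 39, 10, 12, 9, 11, 8,
         11, 9, 10, 12, 8, 10, 10, 11, 9, 10]
# Constructed exploit publication events; day 2 has no full window before it.
EVENTS = [ExploitEvent(2, "windows", "rdp"), ExploitEvent(10, "linux", "http"),
          ExploitEvent(20, "windows", "smb"), ExploitEvent(25, "linux", "ssh")]

if __name__ == "__main__":
    print(increase_ratio_by(SCANS, EVENTS, "platform"))  # {'linux': 0.5, 'windows': 0.0}
    print(increase_ratio_by(SCANS, EVENTS, "service"))   # {'http': 1.0, 'smb': 0.0, 'ssh': 0.0}
```

On real telescope data the series would be the per-day count of distinct scanning sources and the events the publication dates from the exploits dataset; the grouping key is what lets the ratio be broken down by platform and service as the abstract does.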
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
Houmz, A., Cherqi, O., Zkik, K., Benbrahim, H. (2023). Emphasizing the Relationship between Scans and Exploits Events’ Data: An Exploratory Data Analysis Over Time. In: Mirzazadeh, A., Erdebilli, B., Babaee Tirkolaee, E., Weber, GW., Kar, A.K. (eds) Science, Engineering Management and Information Technology. SEMIT 2022. Communications in Computer and Information Science, vol 1808. Springer, Cham. https://doi.org/10.1007/978-3-031-40395-8_13
DOI: https://doi.org/10.1007/978-3-031-40395-8_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-40394-1
Online ISBN: 978-3-031-40395-8