
Emphasizing the Relationship between Scans and Exploits Events’ Data: An Exploratory Data Analysis Over Time

Conference paper, in: Science, Engineering Management and Information Technology (SEMIT 2022)

Abstract

As web services have gone mainstream, incident diagnosis has become a vital tool for reducing service downtime and guaranteeing high service reliability. Telemetry data can be collected in many forms, including time series and incident sequence data. Correlation analysis techniques are significant tools that cyber security experts use for incident diagnosis. Despite their importance, little research has been done on correlating two forms of data streams for incident diagnosis: continuous time series data and temporal event data. In this study, we propose an approach for evaluating the correlation between scanning campaigns and exploit publication events. Using an event effect detection method, we investigate the relationship between network scans and exploit publication. We use an exploits dataset that contains information about cyber events and the items they affect, together with a dataset of network scans collected from two network telescopes. We found that the ratio of exploits associated with an increase in network scans can go up to 25% and varies with factors such as the platform and the type of the exploited service.
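As an added illustration (not the paper's code, and not its exact statistical test, which the abstract does not spell out), the following shows how an event effect check of the kind described above could be run over a daily scan-count series to obtain the "ratio of exploits followed by a scan increase". The pre/post-window z-score rule, the window size, and all scan counts and event days are constructed assumptions.

```python
"""Event-effect detection over a scan-count time series (added example).

Assumed rule (not the paper's): an exploit publication event "has an effect"
when the mean daily scan count in the window after the event exceeds the
pre-window mean by more than k pre-window standard deviations. The scan
counts and event days below are constructed, not telescope data.
"""
from statistics import mean, pstdev


def event_has_effect(series, event_idx, window=5, k=2.0):
    """True if scans in the `window` days after event_idx rise significantly
    relative to the `window` days before it; None if either side lacks data."""
    pre = series[max(0, event_idx - window):event_idx]
    post = series[event_idx + 1:event_idx + 1 + window]
    if len(pre) < window or len(post) < window:
        return None  # not enough context on one side: undecidable
    base, sd = mean(pre), pstdev(pre)
    sd = max(sd, 1.0)  # floor so a perfectly flat baseline does not flag noise
    return (mean(post) - base) / sd > k


def effect_ratio(series, events, window=5, k=2.0):
    """Fraction of decidable events that are followed by a scan increase."""
    verdicts = [event_has_effect(series, e, window, k) for e in events]
    decided = [v for v in verdicts if v is not None]
    return sum(decided) / len(decided) if decided else 0.0


# Constructed daily scan counts for 30 days: ~100/day baseline with a surge
# starting the day after the exploit published on day 10.
SCANS = [100, 103, 98, 101, 99, 102, 100, 97, 104, 100,      # days 0-9
         101,                                                 # day 10: exploit published
         130, 145, 160, 170, 165, 172, 168,                  # days 11-17: surge
         101, 99, 100, 102, 98, 101, 100, 99, 103, 100, 101, 100]  # days 18-29

# Constructed exploit publication days: day 10 (surge follows), day 23 (no
# change), day 28 (too close to the end of the series to judge).
EVENTS = [10, 23, 28]

if __name__ == "__main__":
    for e in EVENTS:
        print(f"event on day {e}: effect={event_has_effect(SCANS, e)}")
    print(f"ratio of exploits followed by a scan increase: "
          f"{effect_ratio(SCANS, EVENTS):.2f}")
```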



Corresponding author: Abdellah Houmz.


Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this paper

Houmz, A., Cherqi, O., Zkik, K., Benbrahim, H. (2023). Emphasizing the Relationship between Scans and Exploits Events’ Data: An Exploratory Data Analysis Over Time. In: Mirzazadeh, A., Erdebilli, B., Babaee Tirkolaee, E., Weber, GW., Kar, A.K. (eds) Science, Engineering Management and Information Technology. SEMIT 2022. Communications in Computer and Information Science, vol 1808. Springer, Cham. https://doi.org/10.1007/978-3-031-40395-8_13


  • DOI: https://doi.org/10.1007/978-3-031-40395-8_13


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-40394-1

  • Online ISBN: 978-3-031-40395-8

  • eBook Packages: Computer Science (R0)
