PROJECT TITLE :
CSC-Detector: A System to Infer Large-Scale Probing Campaigns - 2018
This project leverages unsolicited real darknet data to propose a novel system, CSC-Detector, that aims to identify Cyber Scanning Campaigns. These campaigns represent a new phenomenon: probing events distinguished by their orchestration (i.e., coordination) patterns. To achieve its aim, CSC-Detector uses 3 engines. Its fingerprinting engine exploits a distinctive observation to extract probing activities from darknet traffic. Its inference engine applies a set of behavioral analytics to derive numerous significant insights into the machinery of the probing sources. Its analysis engine then uses those inferences to automatically infer the campaigns. CSC-Detector is empirically evaluated and validated using 240 GB of real darknet data. The outcome discloses 3 recent, previously unreported large-scale probing campaigns targeting diverse Internet services. Additionally, one of these inferred campaigns revealed that the sipscan campaign initially analyzed by CAIDA is arguably still active, though operating in a stealthy, very low rate mode. We envision that the proposed system, which is tailored towards darknet data (a source that is frequently, abundantly and effectively used to generate cyber threat intelligence), could be used by network security analysts, emergency response teams and/or observers of cyber events to infer large-scale orchestrated probing campaigns. It could be used for early cyber attack warning and notification, as well as for simplified analysis and tracking of such events.