RAVEN: Early Detection and Classification of Malicious Actors in an Academic Network

  • Willen B. Coelho IFES / UFES
  • Vitor F. Zanotelli UFES
  • Giovanni Comarela UFES
  • Rodolfo S. Villaça UFES

Abstract

Port scanning is an important technique for gathering sensitive information. We underscore the need for enhanced security systems: port scanning, although an unusual activity, should be identified and suppressed early, especially given the number of reported incidents. In response to this challenge, we propose an intelligent and automated system that analyzes network traffic to detect and classify port scans in near real-time. Our contributions include the implementation and evaluation of the online system, a demonstration of how including more information improves performance, and datasets released for the academic community.

Published
2024-05-20
COELHO, Willen B.; ZANOTELLI, Vitor F.; COMARELA, Giovanni; VILLAÇA, Rodolfo S. RAVEN: Early Detection and Classification of Malicious Actors in an Academic Network. In: BRAZILIAN SYMPOSIUM ON COMPUTER NETWORKS AND DISTRIBUTED SYSTEMS (SBRC), 42., 2024, Niterói/RJ. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 351-364. ISSN 2177-9384. DOI: https://doi.org/10.5753/sbrc.2024.1384.
