Detection of Port Scans Through Intelligent Analysis of IoT Network Traffic
Abstract
Port scanning is a technique for identifying the state of a network port. It finds open ports and vulnerabilities in a network or system. Port scanning is a first step in different attack vectors, so detecting port scans is essential to limiting their impact. Traditional methods for detecting port scans are limited because they rely on static rules and prior knowledge of the network structure. This work presents a new method for detecting port scanning in Internet of Things (IoT) communication, relying on machine learning techniques. The method uses specific traffic features to create a profile of attack behavior. Through neural networks, the developed model identifies port scanning regardless of the network topology. Results show up to 90% efficiency in identifying port scanning.
Published
2024-09-16
How to Cite
BREZOLIN, Uelinton; NAKAYAMA, Fernando; NOGUEIRA, Michele. Detection of Port Scans Through Intelligent Analysis of IoT Network Traffic. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 24., 2024, São José dos Campos/SP. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 271-286. DOI: https://doi.org/10.5753/sbseg.2024.241769.
