This paper presents an approach leveraging machine learning techniques to monitor network traffic in search of vulnerability scanning activities. Indeed, attackers typically perform an initial reconnaissance phase to identify the vulnerabilities their target platforms expose, which they can abuse to perform cyberattacks. Classical network monitoring approaches have multiple limitations. Indeed, they are typically hindered by the presence of encrypted traffic, hamper user privacy by resorting to Deep Packet Inspection (DPI), and cannot identify advanced scanning techniques such as slow scans. The research presented in this paper overcomes such limitations through machine learning classifiers that can detect vulnerability scans with flow-level granularity, employing statistical features evaluated on Layer 3 and 4 network packet headers. We demonstrate the feasibility of our approach by training classifiers able to detect traffic originated by three well-known vulnerability scanning tools: OpenVAS, sqlmap, and Wapiti. The presented Proof-of-Concept classifiers are characterized by a high classification accuracy, with the best classifier reaching a balanced accuracy of 98%.
A Privacy-Preserving Approach for Vulnerability Scanning Detection / Regano, Leonardo; Canavese, Daniele; Mannella, Luca. - ELECTRONIC. - 3731:(2024), pp. 1-13. (Paper presented at the conference ITASEC 2024: The Italian Conference on CyberSecurity, held in Salerno (IT) on April 08–12, 2024).
A Privacy-Preserving Approach for Vulnerability Scanning Detection
Leonardo Regano;Daniele Canavese;Luca Mannella
2024
File | Size | Format |
---|---|---|
2024_ITASEC_VulnerabilityScanning.pdf (open access; Description: Camera-ready Version; Type: 2. Post-print / Author's Accepted Manuscript; License: Creative Commons) | 191.5 kB | Adobe PDF |
2024-07_A_Privacy_Preserving_Approach_for_Vulnerability_Scanning_Detection_paper44.pdf (open access; Type: 2a Post-print publisher's version / Version of Record; License: Creative Commons) | 266.97 kB | Adobe PDF |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.
https://hdl.handle.net/11583/2988122