Detecting the impact of software vulnerability on attacks: A case study of network telescope scans
Published in: | Journal of network and computer applications 2021-12, Vol.195, p.103230, Article 103230 |
---|---|
Main Authors: | , , , , |
Format: | Article |
Language: | English |
Summary: | Network scanning is one of the first steps in gathering information about a target before launching attacks. It is used to scan for vulnerable devices and exposed services in order to exploit them. Such exploits can result in data breaches or network disruption, which can be very costly for organizations. There are many factors, including technical and non-technical, affecting the volume of scanning activities. In this paper, we study the impact of vulnerability disclosure on the volume of scans over time and propose a machine learning-based approach to predict this impact. We conducted a comprehensive data collection of network scans from two network telescopes hosted in different countries, as well as the disclosed vulnerabilities from 2014 to 2019. We then designed a set of features to characterize the disclosed vulnerabilities and used several classifiers to predict whether a vulnerability will impact the volume of daily scans. The resulting classifier achieves over 85% accuracy in predicting the impact. In addition, we performed an analysis of the key characteristics of vulnerabilities that directly affect scanning activities. Our findings show that this approach is able to classify vulnerabilities that have an impact on network scans. The implementation of our model and validation tests proved the efficiency of the selected features, as well as the robustness of our model to classify vulnerabilities’ impact on scans. |
---|---|
ISSN: | 1084-8045 1095-8592 |
DOI: | 10.1016/j.jnca.2021.103230 |