# Exploratory Data Analysis of a Network Telescope Traffic and Prediction of Port Probing Rates

**Authors:** Mehdi Zakroum, Abdellah Houmz, Mounir Ghogho, Ghita Mezzour, Abdelkader Lahmadi, Jérôme François, Mohammed El Koutbi

arXiv: 1812.09790 · 2019-04-30

## TL;DR

This paper analyzes large-scale network probing traffic captured by a /20 network telescope, exploring its properties and behavior patterns and evaluating models for predicting port probing rates to enhance cybersecurity strategies.

## Contribution

It provides a comprehensive exploratory analysis of network probing activities and assesses the effectiveness of autoregressive models for predicting probing rates.

## Key findings

- Identified key probing behaviors and patterns.
- Modeled behavior using transition graphs.
- Evaluated predictive models with promising results.

## Abstract

Understanding the properties exhibited by large-scale network probing traffic would improve cyber threat intelligence. In addition, the prediction of probing rates is a key feature for security practitioners in their endeavors for making better operational decisions and for enhancing their defense strategy skills. In this work, we study different aspects of the traffic captured by a /20 network telescope. First, we perform an exploratory data analysis of the collected probing activities. The investigation includes probing rates at the port level, services interesting top network probers and the distribution of probing rates by geolocation. Second, we extract the network probers' exploration patterns. We model these behaviors using transition graphs decorated with probabilities of switching from one port to another. Finally, we assess the capacity of Non-stationary Autoregressive and Vector Autoregressive models in predicting port probing rates as a first step towards using more robust models for better forecasting performance.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1812.09790/full.md

## Figures

12 figures with captions in the complete paper: https://tomesphere.com/paper/1812.09790/full.md

## References

9 references — full list in the complete paper: https://tomesphere.com/paper/1812.09790/full.md

---
Source: https://tomesphere.com/paper/1812.09790