Antonio Pusceddu

UniCa About Professors and Researchers Antonio Pusceddu Research Research outcomes (IRIS)

Antonio Pusceddu

A Privacy-Preserving Approach for Vulnerability Scanning Detection

Regano L.^Co-prime;Canavese D.^Co-prime;Mannella L.^Co-prime

2024-01-01

Abstract

This paper presents an approach leveraging machine learning techniques to monitor network traffic in search of vulnerability scanning activities. Indeed, attackers typically perform an initial reconnaissance phase to identify the vulnerabilities their target platforms expose, which they can abuse to perform cyberattacks. Classical network monitoring approaches have multiple limitations. Indeed, they are typically hindered by the presence of encrypted traffic, hamper user privacy resorting to Deep Packet Inspection (DPI), and cannot identify advanced scanning techniques such as slow scans. The research presented in this paper overcomes such limitations through machine learning classifiers that can detect vulnerability scans with flow-level granularity, employing statistical features evaluated on Layer 3 and 4 network packet headers. We demonstrate the feasibility of our approach training classifiers able to detect traffic originated by three well-known vulnerability scanning tools: OpenVAS, sqlmap, and Wapiti. The presented Proof-of-Concept classifiers are characterized by a high classification accuracy, with the best classifier reaching a balanced accuracy of 98%.

Short Card

Tab complete

Full Sheet(DC)

         Anno 
       
        2024 
       
         Lingua/e 
       
        Inglese 
       
         Titolo del Volume 
       
        ITASEC 2024. Italian Conference on Cyber Security 2024. Proceedings of the 8th Italian Conference on Cyber Security (ITASEC 2024). Salerno, Italy, April 8-12, 2024 
       
         Nome Editore 
       
        CEUR-WS 
       
         Titolo della Collana/serie 
       
        CEUR WORKSHOP PROCEEDINGS 
       
         Volume 
       
        3731 
       
         Numero di pagine 
       
        13 
       
         Codice Scopus 
       
        2-s2.0-85199576740 
       
         URL 
       
        https://ceur-ws.org/Vol-3731/ 
       
         Titolo del convegno 
       
        8th Italian Conference on Cyber Security, ITASEC 2024 
       
         Referee 
       
        Esperti anonimi 
       
         Periodo del Convegno 
       
        April 8-12, 2024 
       
         Luogo del Convegno 
       
        Salerno, Italia 
       
         Caratterizzazione prevalente 
       
        scientifica 
       
         Parole chiave 
       
        Intrusion Detection Systems (IDS); Intrusion Prevention Systems (IPS); Machine Learning (ML); Network Security; User Privacy; Vulnerability Scanning 
       
         Presenza di coautori internazionali 
       
        sì 
       
         Tipologia 
       
        4 Contributo in Atti di Convegno (Proceeding)::4.1 Contributo in Atti di convegno 
       
         Tutti gli autori 
       
        Regano, L.; Canavese, D.; Mannella, L.
         
         Tipologia sito docente 
       
        273 
       
         Numero autori 
       
        3 
       
         Tipologia 
       
        4.1 Contributo in Atti di convegno 
       
         Fulltext 
       
        open 
       
         Tipologia 
       
        info:eu-repo/semantics/conferencePaper 
       
         Type: 
       
        4.1 Contributo in Atti di convegno

Files in This Item:

File	Size	Format
paper44.pdf open access Type: versione editoriale Size 269.96 kB Format Adobe PDF View/Open	269.96 kB	Adobe PDF	View/Open

University of Cagliari

University of Cagliari