port2dist: Semantic Port Distances for Network Analytics

摘要

Traffic analysis is a predominant task to support multiple types of management operations. When shifting from manually built signatures to machine learning techniques, a problem resides in the model to represent traffic features. The most notable examples are the TCP and UDP ports, near port numbers in the numerical space is not representative of a close semantic from an operational point of view. We have thus developed a technique to learn meaningful metrics between ports from scanning strategies followed by attackers. In this demonstration, we propose the port2dist tool, allowing to get, seek and retrieve semantic dissimilarities between port numbers.