Early Detection and Classification of Malicious Activities in Network and Cloud Services

Port scanning is an important technique for collecting sensitive information, highlighting the need for enhanced security systems. It is emphasized that port scanning, considered an anomaly, should be identified and suppressed early, especially given the significant number of reported incidents. In response to this challenge, this paper presents RAVEN, an intelligent and automated system capable of analyzing network flows to detect and classify scans quickly. Contributions include implementing and evaluating RAVEN, demonstrating performance improvement with the expansion of features, and making datasets available to the academic community. Additionally, the RAVEN system is capable of detecting and classifying attacks on web services, including those using the Tor network. Web attacks are quickly detected using Bloom filters, yielding high accuracy. (AU)