A Search Engine Backed by Internet-Wide Scanning

Durumeric, Zakir; Adrian, David; Mirian, Ariana; Bailey, Michael; Halderman, J. Alex

doi:10.1145/2810103.2813703

Cited by 378 publications

(348 citation statements)

References 10 publications

Supporting

Mentioning

299

Contrasting

Unclassified

Order By: Relevance

“…We confirm the existence of Internet-wide scanners for research purpose like ZMap [11] and malicious ones like Mirai Botnet [29], [31]. We also find that attackers generally prefer light scanning to heavy scanning because light traffic is more likely to evade detections by intrusion detection systems (IDS).…”

Section: Longitudinal Analysissupporting

confidence: 74%

“…Continuous efforts have been made to tackle Conficker throughout the years [13], [26], [27]. Recently fast Internet-wide scanners [10], [11], [16] are widely used for research purpose and they provide a source for darknet traffic.…”

Section: Related Workmentioning

confidence: 99%

“…[11], Internet-wide scanners for research purposes (Zmap and masscan) leave their specific footprints in TCP/IP headers, thus making their identification in darknet easy. Table 4 shows known scanner ratios using a weekly trace from dataset I in 2015.…”

Section: Anomaly Cause Investigationmentioning

confidence: 99%

See 2 more Smart Citations

An Evaluation of Darknet Traffic Taxonomy

Fukuda

2018

Journal of Information Processing

View full text Add to dashboard Cite

Abstract:To enhance Internet security, researchers have largely emphasized diverse cyberspace monitoring approaches to observe cyber attacks and anomalies. Among them darknet provides an effective passive monitoring one. Darknets refer to the globally routable but still unused IP address spaces. They are often used to monitor unexpected incoming network traffic, and serve as an effective network traffic measurement approach for viewing certain remote network security activities. Previous works in this field discussed possible causes (i.e., anomalies) of darknet traffic and applied their classification schemes on short-term traces. Our interest lies, however, in how darknet traffic has evolved and the effectiveness of a darknet traffic taxonomy for longitudinal data. To reach these goals, we propose a simple darknet traffic taxonomy based on network traffic rules, and evaluate it with two darknet traces: one covering 12 years since 2006, while the other covering 11 years since 2007. The evaluation results reveal the effectiveness of this taxonomy: we are able to label over 94% of all source IPs with anomalies defined by the taxonomy, leaving the unlabeled source ratio low. We also examine the evolution of different anomalies since 2006 (especially in recent years), analyze the temporal and spatial dependency and parameter dependency of darknet traffic, and conclude that most sources in the datasets are characterized by just one or two anamalies with simple attack mechanisms. Moreover, we compare the taxonomy with a one-way traffic analysis tool (i.e., iatmon) to better understand their differences.

show abstract

Section: Longitudinal Analysissupporting

confidence: 74%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

An Evaluation of Darknet Traffic Taxonomy

Fukuda

2018

Journal of Information Processing

View full text Add to dashboard Cite

show abstract

“…The probing of Large Area Networks (LANs) is achieved using TCP-SYN and ICMP echo scans. This is addressed in Durumeric, Wustrow, and Halderman [23]. Not only is the active technology behind ZMap discussed in detail, but also each element of the ZMap functionality is dissected and explained at a substantial technical level, including its modular framework for dissecting different protocols.…”

Section: Zmapmentioning

confidence: 99%

Vulnerability Analysis of Network Scanning on SCADA Systems

Coffey

Smith

Μαγλαράς

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

Supervisory Control and Data Acquisition (SCADA) systems and Industrial Control Systems (ICSs) have controlled the regulation and management of Critical National Infrastructure environments for decades. With the demand for remote facilities to be controlled and monitored, industries have continued to adopt Internet technology into their ICS and SCADA systems so that their enterprise can span across international borders in order to meet the demand of modern living. Although this is a necessity, it could prove to be potentially dangerous. The devices that make up ICS and SCADA systems have bespoke purposes and are often inherently vulnerable and difficult to merge with newer technologies. The focus of this article is to explore, test, and critically analyse the use of network scanning tools against bespoke SCADA equipment in order to identify the issues with conducting asset discovery or service detection on SCADA systems with the same tools used on conventional IP networks. The observations and results of the experiments conducted are helpful in evaluating their feasibility and whether they have a negative impact on how they operate. This in turn helps deduce whether network scanners open a new set of vulnerabilities unique to SCADA systems.

show abstract

“…STIX is a standard for expressing threat information such as vulnerabilities, incidents, and related events, while Open-IOC is a standard for describing intrusion indicators such as detailed information about files and traffic (Durumeric et al 2015;.…”

Section: Technology Of Sharing Information On Security Threatsmentioning

confidence: 99%

Management platform of threats information in IoT environment

Kim

2017

J Ambient Intell Human Comput

View full text Add to dashboard Cite

A Search Engine Backed by Internet-Wide Scanning

Cited by 378 publications

References 10 publications

An Evaluation of Darknet Traffic Taxonomy

An Evaluation of Darknet Traffic Taxonomy

Vulnerability Analysis of Network Scanning on SCADA Systems

Management platform of threats information in IoT environment

Contact Info

Product

Resources

About