Internet-Wide Scanner Fingerprint Identifier Based on TCP/IP Header

Akira Tanaka, Chansu Han, Takeshi Takahashi, Katsuki Fujisawa

Research output: Contribution to book/report type › Conference contribution

6 Citations (Scopus)

Abstract

Identifying individual scan activities is a crucial and challenging activity for mitigating emerging cyber threats or gaining insights into security scans. Sophisticated adversaries distribute their scans over multiple hosts and operate with stealth; therefore, low-rate scans hide beneath other benign traffic. Although previous studies attempted to discover such stealth scans by observing the distribution of ports and hosts, well-organized scans are difficult to find. However, a scanner can embed a fingerprint into the packet fields to distinguish between the scan and other traffic. In this study, we propose a new algorithm to identify the flexible fingerprint in consideration of the genetic algorithm idea. To the best of our knowledge, this is the first such attempt. We successfully identified previously unknown fingerprints rather than existing ones through numerical experiments on darknet traffic. We analyzed the packets and discovered distinctive scan activities. Further, we collated the results with both cyber threat intelligence and investigation/large-scale scanner lists to ascertain the reliability of our model.

Original language: English
Title of host publication: 2021 6th International Conference on Fog and Mobile Edge Computing, FMEC 2021
Editors: Nabil Abdennadher, Elhadj Benkhelifa, Jaime Mauri Lloret, Yaser Jararweh
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781665458702
DOI
Publication status: Published - 2021
Event: 6th International Conference on Fog and Mobile Edge Computing, FMEC 2021 - Virtual, Gandia, Spain
Duration: Dec 6 2021 to Dec 9 2021

Publication series

Name: 2021 6th International Conference on Fog and Mobile Edge Computing, FMEC 2021

Conference

Conference: 6th International Conference on Fog and Mobile Edge Computing, FMEC 2021
Country/Territory: Spain
City: Virtual, Gandia
Period: 12/6/21 to 12/9/21

All Science Journal Classification (ASJC) codes

  • Computer Science Applications
  • Hardware and Architecture
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications
