arXiv Open Access 2020

Scan Correlation -- Revealing distributed scan campaigns

Steffen Haas Florian Wilkens Mathias Fischer

Lihat Sumber

Abstrak

Public networks are exposed to port scans from the Internet. Attackers search for vulnerable services they can exploit. In large scan campaigns, attackers often utilize different machines to perform distributed scans, which impedes their detection and might also camouflage the actual goal of the scanning campaign. In this paper, we present a correlation algorithm to detect scans, identify potential relations among them, and reassemble them to larger campaigns. We evaluate our approach on real-world Internet traffic and our results indicate that it can summarize and characterize standalone and distributed scan campaigns based on their tools and intention.

Topik & Kata Kunci

cs.CR

Penulis (3)

Steffen Haas

Florian Wilkens

Mathias Fischer

Format Sitasi

APA MLA BibTeX

Haas, S., Wilkens, F., Fischer, M. (2020). Scan Correlation -- Revealing distributed scan campaigns. https://arxiv.org/abs/2003.05188

Akses Cepat

Lihat di Sumber

Informasi Jurnal

Tahun Terbit: 2020
Bahasa: en
Sumber Database: arXiv
Akses: Open Access ✓