WEKO3
アイテム
NII Technical Report (NII-2016-008E):Profiling Internet Scanners: Spatial and Temporal Structures
https://doi.org/10.20736/0002000353
https://doi.org/10.20736/0002000353c992d83a-9866-46cf-a05c-81580bd15082
名前 / ファイル | ライセンス | アクション |
---|---|---|
![]() |
|
Item type | レポート / Report(1) | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
公開日 | 2022-06-09 | |||||||||||||
タイトル | ||||||||||||||
言語 | en | |||||||||||||
タイトル | NII Technical Report (NII-2016-008E):Profiling Internet Scanners: Spatial and Temporal Structures | |||||||||||||
言語 | ||||||||||||||
言語 | eng | |||||||||||||
キーワード | ||||||||||||||
言語 | ja | |||||||||||||
主題Scheme | Other | |||||||||||||
主題 | テクニカルレポート | |||||||||||||
キーワード | ||||||||||||||
言語 | en | |||||||||||||
主題Scheme | Other | |||||||||||||
主題 | Technical Report | |||||||||||||
資源タイプ | ||||||||||||||
資源 | http://purl.org/coar/resource_type/c_6501 | |||||||||||||
タイプ | departmental bulletin paper | |||||||||||||
ID登録 | ||||||||||||||
ID登録 | 10.20736/0002000353 | |||||||||||||
ID登録タイプ | JaLC | |||||||||||||
著者 |
Mazel, Johan
× Mazel, Johan
× Fontugne, Romain
× 福田, 健介
|
|||||||||||||
抄録 | ||||||||||||||
内容記述タイプ | Abstract | |||||||||||||
内容記述 | A great deal of effort has been dedicated to the study of network scanning. Nonetheless, previous studies focused on simple char- acteristics such as the number of scanning IPs (also called scanners) or targets, but usually neglected scanner behavior. We analyze 15 years of backbone traffic and propose a method for profiling scanning IPs. Our analysis first details evolution of targeted services, mass-scanning tool usage and scanning pattern. Then, we propose a new method to classify scanning IPs’ spatial and temporal structure into three profiles that re- veal vastly different intent. In particular, we find that 33% of scanners repeatedly target the same set of hosts. If unsolicited, this behavior pro- vides an early warning to administrators regarding the malicious intent of scanners. Finally, we study publicly documented scanners’ activities and show that security research-related scanning IPs behave differently than non-documented scanners. We also show that only 39% of scanning entities follow online documentation best practices. | |||||||||||||
言語 | en | |||||||||||||
書誌情報 |
ja : NIIテクニカル・レポート en : NII Technical Report p. none, 発行日 2016-12-22 |
|||||||||||||
出版者 | ||||||||||||||
言語 | ja | |||||||||||||
出版者 | 国立情報学研究所 | |||||||||||||
ISSN | ||||||||||||||
収録物識別子タイプ | ISSN | |||||||||||||
収録物識別子 | 1346-5597 |