ETRI-Knowledge Sharing Plaform

ENGLISH

성과물

논문 검색
구분 SCI
연도 ~ 키워드

상세정보

학술대회 Who is Knocking on the Telnet Port: A Large-Scale Empirical Study of Network Scanning
Cited 13 time in scopus Download 1 time Share share facebook twitter linkedin kakaostory
저자
허환조, 신승원
발행일
201806
출처
Asia Conference on Computer and Communications Security (ASIA CCS) 2018, pp.625-636
DOI
https://dx.doi.org/10.1145/3196494.3196537
협약과제
17HH3100, SDN 기반 동적 네트워크 은닉 핵심 기술 개발, 박종대
초록
Network scanning is the primary procedure preceding many network attacks. Until recently, network scanning has been widely studied to report a continued growth in volume and Internet-wide trends including the underpinning of distributed scannings by lingering Internet worms. It is, nevertheless, imperative to keep us informed with the current state of network scanning, for factual and comprehensive understanding of the security threats we are facing, and new trends to serve as the presage of imminent threats. In this paper, we analyze the up-to-date connection-level log data of a large-scale campus network to study the recent scanning trends in breadth. We find, most importantly, the scanning landscape is greatly shifted, predominantly by an unprecedented rise in Telnet service scannings. Furthermore, not only are the scan sources comprehensively identified in terms of targeted services and geographical/network locations, but also their characteristics, such as being responsible in scanning and their connection-level behavior, are studied.
KSP 제안 키워드
Campus Network, Current state, Empirical study, Internet Worm, Log data, Network Attacks, Network scanning, continued growth, large-scale, security threats