상세정보
학술대회
Who is Knocking on the Telnet Port: A Large-Scale Empirical Study of Network Scanning
- 저자
- 허환조, 신승원
- 발행일
- 201806
- 출처
- Asia Conference on Computer and Communications Security (ASIA CCS) 2018, pp.625-636
- 협약과제
- 17HH3100, SDN 기반 동적 네트워크 은닉 핵심 기술 개발, 박종대
- 초록
- Network scanning is the primary procedure preceding many network attacks. Until recently, network scanning has been widely studied to report a continued growth in volume and Internet-wide trends including the underpinning of distributed scannings by lingering Internet worms. It is, nevertheless, imperative to keep us informed with the current state of network scanning, for factual and comprehensive understanding of the security threats we are facing, and new trends to serve as the presage of imminent threats. In this paper, we analyze the up-to-date connection-level log data of a large-scale campus network to study the recent scanning trends in breadth. We find, most importantly, the scanning landscape is greatly shifted, predominantly by an unprecedented rise in Telnet service scannings. Furthermore, not only are the scan sources comprehensively identified in terms of targeted services and geographical/network locations, but also their characteristics, such as being responsible in scanning and their connection-level behavior, are studied.
- KSP 제안 키워드
- Campus Network, Current state, Empirical study, Internet Worm, Log data, Network Attacks, Network scanning, continued growth, large-scale, security threats