ETRI-Knowledge Sharing Plaform

KOREAN
논문 검색
Type SCI
Year ~ Keyword

Detail

Conference Paper Who is knocking on the Telnet Port
Cited 17 time in scopus Share share facebook twitter linkedin kakaostory
Authors
Hwanjo Heo, Seungwon Shin
Issue Date
2018-06
Citation
Asia Conference on Computer and Communications Security (ASIA CCS) 2018, pp.625-636
Publisher
ACM
Language
English
Type
Conference Paper
DOI
https://dx.doi.org/10.1145/3196494.3196537
Abstract
Network scanning is the primary procedure preceding many network attacks. Until recently, network scanning has been widely studied to report a continued growth in volume and Internet-wide trends including the underpinning of distributed scannings by lingering Internet worms. It is, nevertheless, imperative to keep us informed with the current state of network scanning, for factual and comprehensive understanding of the security threats we are facing, and new trends to serve as the presage of imminent threats. In this paper, we analyze the up-to-date connection-level log data of a large-scale campus network to study the recent scanning trends in breadth. We find, most importantly, the scanning landscape is greatly shifted, predominantly by an unprecedented rise in Telnet service scannings. Furthermore, not only are the scan sources comprehensively identified in terms of targeted services and geographical/network locations, but also their characteristics, such as being responsible in scanning and their connection-level behavior, are studied.
KSP Keywords
Campus Network, Current state, Internet worm, Log data, Network Attack, Port network, Security threats, continued growth, large-scale, network scanning