Internet-Wide Scanner Fingerprint Identifier Based on TCP/IP Header

Akira Tanaka, Chansu Han, Takeshi Takahashi, Katsuki Fujisawa

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

4 Citations (Scopus)

Abstract

Identifying individual scan activities is a crucial and challenging activity for mitigating emerging cyber threats or gaining insights into security scans. Sophisticated adversaries distribute their scans over multiple hosts and operate with stealth; therefore, low-rate scans hide beneath other benign traffic. Although previous studies attempted to discover such stealth scans by observing the distribution of ports and hosts, well-organized scans are difficult to find. However, a scanner can embed a fingerprint into the packet fields to distinguish between the scan and other traffic. In this study, we propose a new algorithm to identify the flexible fingerprint in consideration of the genetic algorithm idea. To the best of our knowledge, this is the first such attempt. We successfully identified previously unknown fingerprints rather than existing ones through numerical experiments on darknet traffic. We analyzed the packets and discovered distinctive scan activities. Further, we collated the results with both cyber threat intelligence and investigation/large-scale scanner lists to ascertain the reliability of our model.

Original language: English
Title of host publication: 2021 6th International Conference on Fog and Mobile Edge Computing, FMEC 2021
Editors: Nabil Abdennadher, Elhadj Benkhelifa, Jaime Mauri Lloret, Yaser Jararweh
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781665458702
Publication status: Published - 2021
Event: 6th International Conference on Fog and Mobile Edge Computing, FMEC 2021 - Virtual, Gandia, Spain
Duration: Dec 6 2021 → Dec 9 2021

Publication series

Name: 2021 6th International Conference on Fog and Mobile Edge Computing, FMEC 2021

Conference

Conference: 6th International Conference on Fog and Mobile Edge Computing, FMEC 2021
Country/Territory: Spain
City: Virtual, Gandia
Period: 12/6/21 → 12/9/21

All Science Journal Classification (ASJC) codes

  • Computer Science Applications
  • Hardware and Architecture
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications
