Scan Correlation – Revealing distributed scan campaigns

03/11/2020 ∙ by Steffen Haas, et al. ∙ 0

Public networks are exposed to port scans from the Internet. Attackers search for vulnerable services they can exploit. In large scan campaigns, attackers often utilize different machines to perform distributed scans, which impedes their detection and might also camouflage the actual goal of the scanning campaign. In this paper, we present a correlation algorithm to detect scans, identify potential relations among them, and reassemble them to larger campaigns. We evaluate our approach on real-world Internet traffic and our results indicate that it can summarize and characterize standalone and distributed scan campaigns based on their tools and intention.



There are no comments yet.


page 1

page 2

page 3

page 4

This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.