DeepAI AI Chat
Log In Sign Up

Scan Correlation – Revealing distributed scan campaigns

by   Steffen Haas, et al.

Public networks are exposed to port scans from the Internet. Attackers search for vulnerable services they can exploit. In large scan campaigns, attackers often utilize different machines to perform distributed scans, which impedes their detection and might also camouflage the actual goal of the scanning campaign. In this paper, we present a correlation algorithm to detect scans, identify potential relations among them, and reassemble them to larger campaigns. We evaluate our approach on real-world Internet traffic and our results indicate that it can summarize and characterize standalone and distributed scan campaigns based on their tools and intention.


page 1

page 2

page 3

page 4


Identifying and characterizing ZMap scans: a cryptanalytic approach

Network scanning tools play a major role in Internet security. They are ...

Unpaired Point Cloud Completion on Real Scans using Adversarial Training

As 3D scanning solutions become increasingly popular, several deep learn...

A Large Dataset of Object Scans

We have created a dataset of more than ten thousand 3D scans of real obj...

Scanning the Cycle: Timing-based Authentication on PLCs

Programmable Logic Controllers (PLCs) are a core component of an Industr...

LinksIQ: Robust and Efficient Modulation Recognition with Imperfect Spectrum Scans

While critical for the practical progress of spectrum sharing, modulatio...

Spoki: Unveiling a New Wave of Scanners through a Reactive Network Telescope

Large-scale Internet scans are a common method to identify victims of a ...

Epidemic? The Attack Surface of German Hospitals during the COVID-19 Pandemic

In our paper we analyze the attack surface of German hospitals and healt...