Affiliation:
1. Tsinghua University, Beijing, China
2. Tsinghua University & Zhongguancun Laboratory, Beijing, China
Abstract
Internet-wide port and service scanning, a vital tool for network research, is unaffordable in time and network bandwidth consumption. However, scanning only a portion of ports and services may lead to erroneous research conclusions. Previous work has shortened scanning time by predicting potentially active ports and eliminating many invalid scan targets. Still, they suffer from inherent design flaws that compromise their performance in terms of prediction accuracy and efficiency. The vast, unevenly distributed, and noisy nature of active ports presents significant challenges for prediction systems. Meanwhile, service prediction work is still in a shortage state. In this work, we introduce IPREDS, the first efficient prediction system for Internet-wide port and service scanning. IPREDS uses its carefully designed decision model to utilize all input features and predict the scanning reward of each target in parallel, providing high coverage prediction results in minimal time. Our experiment results show that IPREDS can discover 87% of active ports across the entire IPv4 network within two hours, saving at least 87.26% of the total time and 59% of the packets sent compared to existing work. For service scanning, IPREDS finds 91% of all active services using only four handshakes on each active port and saves 85.9% time to find 69% of each active service compared to exhaustive service scanning.
Publisher
Association for Computing Machinery (ACM)
Reference39 articles.
1. Imperfect Forward Secrecy
2. Mission accomplished?
3. Manos Antonakakis Tim April Michael Bailey Matt Bernhard Elie Bursztein Jaime Cochran Zakir Durumeric J Alex Halderman Luca Invernizzi Michalis Kallitsis et al. 2017. Understanding the mirai botnet. In 26th $$USENIX$$ security symposium ($$USENIX$$ Security 17). 1093--1110.
4. Peter Auer, Nicolo Cesa-Bianchi, and Paul Fischer. 2002. Finite-time analysis of the multiarmed bandit problem. Machine learning , Vol. 47 (2002), 235--256.
5. Internet Assigned Numbers Authority. 2023. Service Name and Transport Protocol Port Number Registry. https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml .