IPREDS: Efficient Prediction System for Internet-wide Port and Service Scanning

Author:

Luo Yirui¹, Li Chenglong², Wang Zhiliang², Yang Jiahai²

Affiliation:

1. Tsinghua University, Beijing, China

2. Tsinghua University & Zhongguancun Laboratory, Beijing, China

Abstract

Internet-wide port and service scanning, a vital tool for network research, is unaffordable in time and network bandwidth consumption. However, scanning only a portion of ports and services may lead to erroneous research conclusions. Previous work has shortened scanning time by predicting potentially active ports and eliminating many invalid scan targets. Still, these approaches suffer from inherent design flaws that compromise their prediction accuracy and efficiency. The vast, unevenly distributed, and noisy nature of active ports presents significant challenges for prediction systems. Meanwhile, work on service prediction remains scarce. In this work, we introduce IPREDS, the first efficient prediction system for Internet-wide port and service scanning. IPREDS uses its carefully designed decision model to utilize all input features and predict the scanning reward of each target in parallel, providing high-coverage prediction results in minimal time. Our experimental results show that IPREDS can discover 87% of active ports across the entire IPv4 network within two hours, saving at least 87.26% of the total time and 59% of the packets sent compared to existing work. For service scanning, IPREDS finds 91% of all active services using only four handshakes on each active port and saves 85.9% of the time to find 69% of each active service compared to exhaustive service scanning.

Publisher

Association for Computing Machinery (ACM)

