Towards Long-Term Continuous Tracing of Internet-Wide Scanning Campaigns Based on Darknet Analysis

Chansu Han, Akira Tanaka, Jun’ichi Takeuchi, Takeshi Takahashi, Tomohiro Morikawa, Tsung-Nan Lin

2023

Abstract

The darknet is an unused IP address space that can be an effective resource for observing and analyzing global indiscriminate scanning attacks. Scanning traffic on the darknet has expanded dramatically in recent years and numerous constant scans for investigative purposes have been observed. This is problematic because the investigative scans identified by naive rules account for about 60% of the total observed traffic. In earlier work, we detected malware-caused indiscriminate scanning for attack purposes from darknet data by means of anomaly detection methods, but the large amount of activity from investigation-purpose indiscriminate scans led to false positives. We have therefore developed a new method for tracing scanning campaigns. By distinguishing whether the campaign being traced is for attack or investigation purposes, we aim to reduce the number of false positives and improve anomaly detection accuracy. We also intend to clarify the actual state of constant scanner groups by tracing them. In this work, we describe the proposed method, implement a prototype, and conduct experiments on real darknet data to investigate the feasibility of tracing scanning campaigns.

Paper Citation


in Harvard Style

Han C., Tanaka A., Takeuchi J., Takahashi T., Morikawa T. and Lin T. (2023). Towards Long-Term Continuous Tracing of Internet-Wide Scanning Campaigns Based on Darknet Analysis. In Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-624-8, pages 617-625. DOI: 10.5220/0011769300003405


in Bibtex Style

@conference{icissp23,
author={Chansu Han and Akira Tanaka and Jun’ichi Takeuchi and Takeshi Takahashi and Tomohiro Morikawa and Tsung-Nan Lin},
title={Towards Long-Term Continuous Tracing of Internet-Wide Scanning Campaigns Based on Darknet Analysis},
booktitle={Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2023},
pages={617-625},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011769300003405},
isbn={978-989-758-624-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Towards Long-Term Continuous Tracing of Internet-Wide Scanning Campaigns Based on Darknet Analysis
SN - 978-989-758-624-8
AU - Han C.
AU - Tanaka A.
AU - Takeuchi J.
AU - Takahashi T.
AU - Morikawa T.
AU - Lin T.
PY - 2023
SP - 617
EP - 625
DO - 10.5220/0011769300003405