How Many Malicious Scanners Are in the Internet?

Given multiple independent access logs, we try to identify how many malicious hosts there are in the Internet. Our model of the number of malicious hosts is formalized as a function taking two inputs: the duration of sensing and the number of sensors. Under some simplifying assumptions, by fitting the function to the experimental data observed for three sensors over 13 weeks, we identify the size of the set of malicious hosts and the average number of scans they routinely perform. The main results of our study are as follows: the total number of malicious hosts that periodically perform port-scans is from 4,900 to 96,000, the malicious host density is about 1 out of 15,000 hosts, and an average malicious host performs 78 port-scans per second.
