Identifying Vulnerabilities Using Internet-Wide Scanning Data

Internet-wide scanning projects such as Shodan and Censys scan the Internet and collect active reconnaissance results for online devices. Access to this information is provided through associated websites. The Internet-wide scanning data can be used to identify devices and services which are exposed on the Internet. By analysing the data, it is possible to identify services that are susceptible to known vulnerabilities. Analysing this information is classed as passive reconnaissance, as the target devices are not being directly communicated with. This paper goes on to define this as contactless active reconnaissance. The vulnerability identification functionality in these Internet-wide scanning tools is currently limited to a small number of high-profile vulnerabilities. This work looks towards extending these features through the creation of a tool, Scout, which combines data from Censys and the National Vulnerability Database to passively identify potential vulnerabilities. This is possible by analysing Common Platform Enumerations and associated Common Vulnerabilities and Exposures. Through this novel approach, active vulnerability scanning results can be gained while mitigating the associated issues of active scanning, such as possible disruption to the target network and devices. In initial experiments performed on 2571 services across 7 local academic institutions, 12967 potential known vulnerabilities were identified. More focused experiments were carried out to evaluate the results and compare accuracy with industry-standard vulnerability assessment tools, and Scout was found to successfully identify vulnerabilities with an effectiveness score of up to 74 percent when compared to OpenVAS.
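
The CPE-to-CVE matching step the abstract describes, as an added example that is not Scout's code: CPE names taken from scan records are compared against version ranges from a vulnerability feed, and services whose banner exposes no version are reported separately instead of being counted as vulnerable. The record layout, the feed layout, the product name and the identifiers are all constructed assumptions, not the Censys or NVD schemas.

```python
import re
def parse_cpe23(cpe):
    """Split a CPE 2.3 formatted string into the fields used for matching."""
    fields = cpe.split(":")  # assumption: no escaped ':' inside a field
    if len(fields) < 6 or fields[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 string: {cpe!r}")
    return dict(zip(("part", "vendor", "product", "version"), fields[2:6]))

def version_key(version):
    """'2.4.10' -> (2, 4, 10, 0); None when the version is not purely numeric."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        return None
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))  # pad so 2.4 == 2.4.0

def in_range(ver, rule):
    """Check the start-inclusive / end-exclusive bounds of one feed entry."""
    start, end = rule.get("start"), rule.get("end")
    if start and ver < version_key(start):
        return False
    return not (end and ver >= version_key(end))

def match_service(cpes, feed):
    """Return (confirmed, unconfirmed) vulnerability ids for one service."""
    confirmed, unconfirmed = [], []
    for cpe in cpes:
        name = parse_cpe23(cpe)
        ver = version_key(name["version"])
        rules = [r for r in feed if r["product"] == (name["vendor"], name["product"])]
        if ver is None:  # banner gave no usable version: flag, do not assert
            unconfirmed += [r["id"] for r in rules]
        else:
            confirmed += [r["id"] for r in rules if in_range(ver, r)]
    return confirmed, unconfirmed

# Constructed sample data: TEST-NET addresses, hypothetical product, placeholder ids.
PRODUCT = ("examplevendor", "exampled")
FEED = [
    {"id": "CVE-PLACEHOLDER-1", "product": PRODUCT, "start": "2.4.0", "end": "2.4.30"},
    {"id": "CVE-PLACEHOLDER-2", "product": PRODUCT, "end": "2.2.5"},
]
SERVICES = {
    "192.0.2.10": ["cpe:2.3:a:examplevendor:exampled:2.4.10:*:*:*:*:*:*:*"],
    "192.0.2.11": ["cpe:2.3:a:examplevendor:exampled:*:*:*:*:*:*:*:*"],
    "192.0.2.12": ["cpe:2.3:a:examplevendor:exampled:2.4.30:*:*:*:*:*:*:*"],
}

def report(services=SERVICES, feed=FEED):
    return {ip: match_service(cpes, feed) for ip, cpes in services.items()}
```

Keeping the version-unknown matches in their own list matters when comparing against an active scanner, because those entries are the main source of false positives in banner-based matching.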
