DOI QR코드

DOI QR Code

Scan Modeling and Performance Analysis for Extensive Terminal Information Identification

광범위한 단말 정보 식별을 위한 스캔 모델링 및 성능 분석

  • Received : 2016.12.20
  • Accepted : 2017.04.10
  • Published : 2017.04.30

Abstract

Network scanning tools typically use port scans to steal information from network terminals and identify vulnerabilities. In particular, Shodan and Censys use a network scanning tool to gather a wide range of terminal information, store it in their database and provide it to the users. In order to prevent such information gathering, it is required to know the scanning methods of Shodan and Censys. However, the scanning model used by Shodan and Censys is not known exactly. Therefore, this paper estimates scanning models of Shodan and Censys and analyzes the performance of each models.

네트워크 기반 단말 정보 식별 도구는 일반적으로 포트 스캔을 사용해 네트워크 단말들의 정보를 탈취하고 취약점을 찾아낸다. 특히 Shodan과 Censys는 네트워크 기반 단말 정보 식별 도구를 이용하여 광범위한 단말 정보를 탈취하여 데이터베이스에 저장한 후, 이를 사용자에게 제공한다. 이 정보는 누구나 확인할 수 있기 때문에 사이버 공격에 악용될 수 있다. 따라서 네트워크 단말 정보 탈취 방지가 필요하며, 이를 위해서는 스캔 도구가 사용하는 스캐닝 방법을 알아야한다. 하지만 Shodan과 Censys가 사용하는 스캐닝 방법은 잘 알려져 있지 않다. 따라서 본 논문에서는 Shodan과 Censys의 스캐닝 방법을 추정해 모델링하고 성능을 분석하였다.

Keywords

References

  1. Shodan, http://www.shodanhq.com/
  2. Censys, https://www.censys.io
  3. NMAP, https://nmap.org/
  4. Z. Durumeric, D. Adrian, A. Mirian, M. Bailey, and J. A. Halderman, "A search engine backed by Internet-wide scanning," in Proc. ACM SIGSAG 2015, pp. 542-553, Denver, USA, Oct. 2015.
  5. G. S. Rao, P. N. Kumar, P. Swetha, and G. BhanuKiran, "Security assessment of computer networks -an ethical hacker's perspective," in Proc. IEEE ICCCT 2014, Allahabad, India, Dec. 2014.
  6. Y. Jung and M. Park, "Network defense mechanism based on Isolated Networks," J. KICS, vol. 41, no. 9, pp. 1103-1107, Sept. 2016. https://doi.org/10.7840/kics.2016.41.9.1103
  7. J. Jo, H. Jang, K. Lee, and J. Kong, "SDN-based intrusion prevention system for science DNZ," J. KICS, vol. 40, no. 6, pp. 1070-1080, Jun. 2015. https://doi.org/10.7840/kics.2015.40.6.1070
  8. H. Lim, W. Kim, H. Noh, and J. Lim, "Research on malware classification with network activity for classification and attack prediction of attack group," J. KICS, vol. 42, no. 1, pp. 193-204, Jan. 2017 https://doi.org/10.7840/kics.2017.42.1.193
  9. S. Kumar and S. D. Sudarsan, "An innovative UDP port scanning technique," Int. J. Future Computer and Commun.. vol. 3, no. 6, Dec. 2014.
  10. X. Zhang, J. Knockel, and J. R. Crandall, "Original SYN: Finding machines hidden behind firewalls," in Proc. IEEE INFOCOM 2015, Hong Kong, China, May 2015.
  11. L. Markowsky and G. Markowsky, "Scanning for vulnerable devices in the internet of things," in Proc. IEEE IDAACS 2015, vol. 1, pp. 463-467, Warsaw, Poland, Sept. 2015.
  12. V. Kathayat and L. Ahuja, "Network security with open source firewall," Int. Res. J. Comput. and Electron. Eng., vol. 1, no. 1, May 2013.
  13. S. Shin and G. Gu, "Attacking software-defined networks: A first feasibility study," in Proc. ACM HotSDN 2013, pp. 165-166, Hong Kong, China, Aug. 2013.
  14. S. Scott-Hayward, G. O'Callaghan, and S. Sezer, "SDN security: A survey," in Proc. IEEE SDN4FNS 2013, pp. 1-7, Trento, Italy, Nov. 2013.
  15. I. Ahmad, S. Namal, M. Ylianttila, and A. Gurtov, "Security in software defined networks: A survey," J. IEEE Commun. Surveys & Tuts., vol. 17, no. 4, pp. 2317-2346, 2015. https://doi.org/10.1109/COMST.2015.2474118
  16. H. Mohammadzadeh, M. Mansoori, and I. Welch, "Evaluation of fingerprinting techniques and a windows-based dynamic honeypot," in Proc. Australasian Info. Sec. Conf., vol. 138, Adelaide, Australia, Jan. 2013.