Agent-based host enumeration and vulnerability scanning using dynamic topology information

Abstract

Edge networks in enterprise networks are increasingly complex and dynamic, raising questions about the ability to maintain a current overview of computing assets on the network and their potential vulnerability. However, to respond to ongoing or impending attacks that may propagate at high speed, it has become crucial to ensure proper and efficient reachability of all network nodes that might be at risk so as to be able to assess and, where possible, mitigate the threat. In this paper we therefore propose an agent-based semi-autonomous scanning mechanism which utilizes topology information to traverse networks with minimum bandwidth usage and maximum network coverage, and hence avoiding potential service degradation in large-scale structured networks. Topology information is also used to constrain propagation to a well defined network, while intermittently active hosts and topology changes are detected by using resident reactive agents plotted throughout the mechanism gradual propagation.