Smart Internet Probing: Scanning Using Adaptive Machine Learning
Authors: Armin Sarabi, Kun Jin, Mingyan D. Liu
Published in: Game Theory and Machine Learning for Cyber Security, 2021-09-12
DOI: 10.1002/9781119723950.ch21 (https://doi.org/10.1002/9781119723950.ch21)
Network scanning is widely used to assess security postures of hosts/networks, discover vulnerabilities, and study Internet trends. However, scans can generate large amounts of traffic, and efficient probing of IPv6 hosts (where global scans are infeasible) is an outstanding problem. In this chapter, we develop a framework for efficient Internet scans using machine learning, by preemptively detecting and avoiding the scanning of inactive hosts. We evaluate this framework over global scans of the IPv4 space over 20 ports, and show that using location and ownership information we can reduce the bandwidth of scans by 26.7–72.0%, while discovering 90–99% of active hosts. We then evaluate a sequential method by gradually adding information obtained from scanned ports to adaptively predict the remaining port responses, yielding 47.4–83.5% of bandwidth savings at the same true positive rates. Our framework can be used to lower the bandwidth consumption of scans and increase their hit rate, thereby reducing their intrusive nature and enabling efficient discovery of active devices.