Abnormal Behavior-Based Detection of Shodan and Censys-Like Scanning

  title={Abnormal Behavior-Based Detection of Shodan and Censys-Like Scanning},
  author={Seungwoon Lee and Seung-Hun Shin and B. Roh},
  journal={2017 Ninth International Conference on Ubiquitous and Future Networks (ICUFN)},
  • Seungwoon Lee, Seung-Hun Shin, B. Roh
  • Published 2017
  • Computer Science
  • 2017 Ninth International Conference on Ubiquitous and Future Networks (ICUFN)
  • Shodan and Censys, also known as IP Device search engines, build searchable databases of internet devices and networks. [...] Key Method The response behavior during the connection can be identified with TCP flag and abnormal behavior can be classified with SYN Scan, Banner Grabbing, and Combined SYN and Banner Grabbing. Demonstration is simulated in a Censys-like environment and detected time variation per variance of distributed detectors and Threshold value is analyzed.Expand Abstract

    Figures, Tables, and Topics from this paper.


    Publications referenced by this paper.
    Practical Automated Detection of Stealthy Portscans
    • 528
    • PDF
    ZMap: Fast Internet-wide Scanning and Its Security Applications
    • 477
    • PDF
    A Search Engine Backed by Internet-Wide Scanning
    • 237
    • Highly Influential
    • PDF
    Surveying Port Scans and Their Detection Methodologies
    • 122
    • PDF
    A review of port scanning techniques
    • 103
    • PDF
    Evaluation of the ability of the Shodan search engine to identify Internet-facing industrial control devices
    • 92
    Co-ordinated port scans: a model, a detector and an evaluation methodology
    • 29
    • PDF
    Network Forensics: Detection and Analysis of Stealth Port Scanning Attack
    • 6
    Method for improving security performance in stateful inspection of tcp connection
    • 1