How Many Malicious Scanners Are in the Internet?

Kikuchi, Hiroaki; Terada, Masato

doi:10.1007/978-3-540-71093-6_29

Hiroaki Kikuchi¹ &
Masato Terada²

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4298))

Included in the following conference series:

International Workshop on Information Security Applications

490 Accesses
1 Citations

Abstract

Given independent multiple access-logs, we try to identify how many malicious hosts in the Internet. Our model of number of malicious hosts is a formalized as a function taking two inputs, a duration of sensing and a number of sensors. Under some assumptions for simplifying our model, by fitting the function into the experimental data observed for three sensors, in 13 weeks, we identify the size of the set of malicious hosts and the average number of scans they perform routinely. Main results of our study are as follows; the total number of malicious hosts that periodically performs port-scans is from 4,900 to 96,000, the malicious hosts density is about 1 out of 15,000 hosts, and an average malicious host performs 78 port-scans per second.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Sugiyama, et al.: The analysis of the number of the unauthorized computer be decentralized observation of the Internet (in Japanese). IPSJ, FIT 2005, (2005)
Google Scholar
Terada, M., Takada, S., Doi, N.: Proposal for the Experimental Environment for Network Worm Infection ((in Japanese)). Trans. of IPSJ 46(8), 2014–2024 (2005)
Google Scholar
Jung, J., Paxson, V., Berger, A.W., Balakrishnan, H.: Fast Portscan Detection Using Sequential Hypothesis Testing. In: Proc. of the 2004 IEEE Symposium on Security and Privacy (S&P’04),, IEEE Computer Society Press, Los Alamitos (2004)
Google Scholar
Number of Hosts advertised in the DNS. Internet Domain Survey (July 2005), http://www.isc.org/index.pl?/ops/ds/reports/2005-07/
Kumar, A., Paxson, V., Weaver, N.: Exploiting Underlying Structure for Detailed Reconstruction of an Internet-scale Event. In: ACM Internet Measurement Conference, ACM Press, New York (2005)
Google Scholar

Download references

Author information

Authors and Affiliations

School of Information Technology, Tokai University, 1117 Kitakaname, Hiratsuka, Kangawa, Japan
Hiroaki Kikuchi
Hitachi, Ltd. Hitachi Incident Response Team (HIRT) 890 Kashimada, Kawasaki, Kanagawa 212-8567,
Masato Terada

Authors

Hiroaki Kikuchi
View author publications
You can also search for this author in PubMed Google Scholar
Masato Terada
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Jae Kwang Lee Okyeon Yi Moti Yung

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Kikuchi, H., Terada, M. (2007). How Many Malicious Scanners Are in the Internet?. In: Lee, J.K., Yi, O., Yung, M. (eds) Information Security Applications. WISA 2006. Lecture Notes in Computer Science, vol 4298. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71093-6_29

Download citation

DOI: https://doi.org/10.1007/978-3-540-71093-6_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-71092-9
Online ISBN: 978-3-540-71093-6
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics