Scanner hunter: understanding HTTP scanning traffic
作者: Guowu Xie , Huy Hang , Michalis Faloutsos
关键词:
摘要: This paper focuses on detecting and studying HTTP scanners, which are malicious entities that explore a website selectively for "opportunities" can potentially be used subsequent intrusion attempts. Interestingly, there is practically no prior work the detection of these entities, different from web crawlers or machines performing network-level reconnaissance activities such as port scanning. Detecting scanners challenging they stealthy often only probe few key places website, so finding them needle-in-the-haystack problem. At same time, pose serious risk because perform first, exploratory step to provide seed information may allow hackers compromise website. Our makes two main contributions. First, we propose Scanner Hunter, arguably first method detect efficiently. The novelty success lies in use community structure, an appropriately constructed bipartite graph, order expose groups scanners. rationale aggregated behavior identifying easier than attempting profile label IP addresses individually. Hunter achieves impressive 96.5% precision, roughly twice high precision Machine Learning-based methods reference. Second, extensive study effort understand: (a) their spatial temporal properties, (b) techniques tools by (c) types resources looking for, provides hints what penetration attempt target. We six months worth traffic logs collected 2012 University campus, websites hosted received over 1.9 billion requests 12.8 million IPs. found number non-trivial with 4,000 IPs engaging this type activity per week. will hopefully raise awareness regarding problem while at time promising technique basis mitigating posed
acm.org
sci-hub.se 参考文章(18)
Peter Eckersley, How unique is your web browser privacy enhancing technologies. pp. 1- 18 ,(2010) , 10.1007/978-3-642-14527-8_1
Leonard E. Trigg, Mark A. Hall, Ian H. Witten, Eibe Frank, Sally Jo Cunningham, Geoffrey Holmes, Weka: Practical machine learning tools and techniques with Java implementations ,(1999)
Jaeyeon Jung, V. Paxson, A.W. Berger, H. Balakrishnan, Fast portscan detection using sequential hypothesis testing ieee symposium on security and privacy. pp. 211- 225 ,(2004) , 10.1109/SECPRI.2004.1301325
H. Frystyk, L. Masinter, J. Mogul, J. Gettys, R. Fielding, P. Leach, T. Berners-Lee, Hypertext Transfer Protocol -- HTTP/1.1 acm conference on hypertext. ,vol. 2068, pp. 1- 162 ,(1997)
Anália Lourenço, Orlando Belo, Applying Clickstream Data Mining to Real-Time Web Crawler Detection and Containment Using ClickTips Platform GfKl. pp. 351- 358 ,(2007) , 10.1007/978-3-540-70981-7_39
Christopher Kruegel, Adam Doupé, Ludovico Cavedon, Giovanni Vigna, Enemy of the state: a state-aware black-box web vulnerability scanner usenix security symposium. pp. 26- 26 ,(2012)
Mark Meiss, Filippo Menczer, Alessandro Vespignani, On the lack of typical behavior in the global Web traffic network the web conference. pp. 510- 518 ,(2005) , 10.1145/1060745.1060820
Ram Keralapura, Antonio Nucci, Zhi-Li Zhang, Lixin Gao, Profiling users in a 3g network using hourglass co-clustering acm/ieee international conference on mobile computing and networking. pp. 341- 352 ,(2010) , 10.1145/1859995.1860034
Kevin Borders, Atul Prakash, Web tap: detecting covert web traffic computer and communications security. pp. 110- 120 ,(2004) , 10.1145/1030083.1030100
Stefan Kals, Engin Kirda, Christopher Kruegel, Nenad Jovanovic, SecuBat Proceedings of the 15th international conference on World Wide Web - WWW '06. pp. 247- 256 ,(2006) , 10.1145/1135777.1135817