Title :
Mining Large Network Reconnaissance Data
Author :
Yarochkin, Fyodor ; Yennun Huang ; Yung-Li Hu ; Sy-Yen Kuo
Author_Institution :
Dept. of Electr. Eng., Nat. Taiwan Univ., Taipei, Taiwan
Abstract :
This paper examines techniques for large network infrastructure reconnaissance and dives into a real-world case study of a nation-wide passive network vulnerability assessment. The main goal of this study is to understand methods of large network risk evaluation and to conduct practical experiments using a national network. The main contribution of this paper is a non-intrusive method of large network infrastructure reconnaissance and an application of the acquired data to measure network vulnerability exposures within the analysed network. In this study our assumption is based on an estimation that actual threats come from actively exploited vulnerabilities. Information on exploit-targeted platforms and vulnerabilities could be easily collected from a large set of malicious websites and automatically turned into signatures. We propose an automated method of building such signatures and use them to analyse the reconnaissance data set to identify ranges of vulnerable systems.
Keywords :
IP networks; Web sites; computer network security; data analysis; data mining; risk analysis; IP address; exploit-targeted platform; large network infrastructure reconnaissance; large network reconnaissance data mining; large network risk evaluation; malicious Websites; nation-wide passive network vulnerability assessment; national network; network vulnerability exposure measurement; nonintrusive method; reconnaissance data analysis; vulnerable systems; Browsers; Data mining; Databases; IP networks; Internet; Reconnaissance; network security; reconnaissance; risk analysis; security evaluation; vulnerability assessment;
Conference_Title :
Dependable Computing (PRDC), 2013 IEEE 19th Pacific Rim International Symposium on
Conference_Location :
Vancouver, BC
DOI :
10.1109/PRDC.2013.38