| 注册
首页|期刊导航|东南大学学报(自然科学版)|基于IBR的ShadowServer TCP扫描行为分析

基于IBR的ShadowServer TCP扫描行为分析

丁伟 王力 武秋韵 夏震

东南大学学报(自然科学版)2017,Vol.47Issue(z1):25-29,5.
东南大学学报(自然科学版)2017,Vol.47Issue(z1):25-29,5.DOI:10.3969/j.issn.1001-0505.2017.S1.005

基于IBR的ShadowServer TCP扫描行为分析

Analysis on ShadowServer TCP scanning behavior based on IBR

丁伟 1王力 1武秋韵 1夏震1

作者信息

  • 1. 东南大学计算机科学与工程学院,南京211189
  • 折叠

摘要

Abstract

To distinguish between malicious scanning and non-malicious scanning,a method for fil-tering non-malicious scanning traffic based on white list is proposed.First,a well-known security a-gency ShadowServer Foundation摧s scanning hosts are used as white list and some of the ShadowServ-er scanning hosts from the Shodan search engine are regarded as the initial white list.Then,the TCP scanning traffic is filtered based on the initial white list and the IBR traffic acquired on the CERNET Nanjing master node boundary.Finally,by analyzing the scanning behavior of the scanning traffic, a complete white list acquisition algorithm is designed to find out all the white list hosts.The experi-mental results show that,a total of 229 white list hosts are found and their IP addresses are mainly distributed in 4/26 network segment, in which the three network segments have the continuous ad-dresses and another network segment also has a certain law.In addition,based on the data obtained in the experiment,two cases and their analyses about the scanning for port 30022 and port 445(ex-tortion virus)are provided.

关键词

互联网背景辐射/扫描/ShadowServer/勒索病毒

Key words

internet background radiation(IBR)/scan/ShadowServer/extortion virus

分类

信息技术与安全科学

引用本文复制引用

丁伟,王力,武秋韵,夏震..基于IBR的ShadowServer TCP扫描行为分析[J].东南大学学报(自然科学版),2017,47(z1):25-29,5.

基金项目

国家自然科学基金资助项目(61602114). (61602114)

东南大学学报(自然科学版)

OA北大核心CSCDCSTPCD

1001-0505

访问量0
|
下载量0
段落导航相关论文