Code-Red: a case study on the spread and victims of an internet worm
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Internet intrusions: global characteristics and prevalence
SIGMETRICS '03 Proceedings of the 2003 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Characteristics of internet background radiation
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Toward understanding distributed blackhole placement
Proceedings of the 2004 ACM workshop on Rapid malcode
Inferring internet denial-of-service activity
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Bro: a system for detecting network intruders in real-time
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Distributed Evasive Scan Techniques and Countermeasures
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Floodless in seattle: a scalable ethernet architecture for large enterprises
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Towards a taxonomy of network scanning techniques
Proceedings of the 2008 annual research conference of the South African Institute of Computer Scientists and Information Technologists on IT research in developing countries: riding the wave of technology
Internet traffic classification demystified: myths, caveats, and the best practices
CoNEXT '08 Proceedings of the 2008 ACM CoNEXT Conference
Scan Surveillance in Internet Networks
NETWORKING '09 Proceedings of the 8th International IFIP-TC 6 Networking Conference
On the role of flows and sessions in internet traffic modeling: an explorative toy-model
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Estimating routing symmetry on single links by passive flow measurements
Proceedings of the 6th International Wireless Communications and Mobile Computing Conference
Internet background radiation revisited
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
Demystifying service discovery: implementing an internet-wide scanner
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
Behavior-based worm detectors compared
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
SEATTLE: A Scalable Ethernet Architecture for Large Enterprises
ACM Transactions on Computer Systems (TOCS)
Discovering collaborative cyber attack patterns using social network analysis
SBP'11 Proceedings of the 4th international conference on Social computing, behavioral-cultural modeling and prediction
Network scan detection with LQS: a lightweight, quick and stateful algorithm
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
An analysis of longitudinal TCP passive measurements
TMA'11 Proceedings of the Third international conference on Traffic monitoring and analysis
Characterizing Intelligence Gathering and Control on an Edge Network
ACM Transactions on Internet Technology (TOIT)
Accurate network anomaly classification with generalized entropy metrics
Computer Networks: The International Journal of Computer and Telecommunications Networking
A network activity classification schema and its application to scan detection
IEEE/ACM Transactions on Networking (TON)
Libtrace: a packet capture and analysis library
ACM SIGCOMM Computer Communication Review
Networking Recon: Network reconnaissance
Network Security
Intrusion Detection: Towards scalable intrusion detection
Network Security
Tracking malicious hosts on a 10gbps backbone link
NordSec'10 Proceedings of the 15th Nordic conference on Information Security Technology for Applications
Classifying internet one-way traffic
Proceedings of the 2012 ACM conference on Internet measurement conference
On changing the culture of empirical internet assessment
ACM SIGCOMM Computer Communication Review
Demystifying internet-wide service discovery
IEEE/ACM Transactions on Networking (TON)
| Hi-index | 0.00 |
Incessant scanning of hosts by attackers looking for vulnerable servers has become a fact of Internet life. In this paper we present an initial study of the scanning activity observed at one site over the past 12.5 years. We study the onset of scanning in the late 1990s and its evolution in terms of characteristics such as the number of scanners, targets and probing patterns. While our study is preliminary in many ways, it provides the first longitudinal examination of a now ubiquitous Internet phenomenon.