Exploiting underlying structure for detailed reconstruction of an internet-scale event
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
| Hi-index | 0.00 |
Given independent multiple access-logs, we try to identify how many malicious hosts in the Internet. Our model of number of malicious hosts is a formalized as a function taking two inputs, a duration of sensing and a number of sensors. Under some assumptions for simplifying our model, by fitting the function into the experimental data observed for three sensors, in 13 weeks, we identify the size of the set of malicious hosts and the average number of scans they perform routinely. Main results of our study are as follows; the total number of malicious hosts that periodically performs port-scans is from 4,900 to 96,000, the malicious hosts density is about 1 out of 15,000 hosts, and an average malicious host performs 78 port-scans per second.