Searching for open windows and unlocked doors: port scanning in large-scale commodity clusters

  • Authors: A. J. Lee; G. A. Koenig; Xin Meng; W. Yurcik

  • Affiliations: Nat. Center for Supercomput. Applications, Illinois Univ., Urbana-Champaign, IL, USA (all four authors)

  • Venue: CCGRID '05 Proceedings of the Fifth IEEE International Symposium on Cluster Computing and the Grid - Volume 01
  • Year: 2005

Abstract

Current methods for monitoring the security of large-scale commodity clusters tend to treat these clusters as nothing more than collections of independent nodes. As such, the techniques used to secure these clusters have, for the most part, been adaptations of techniques developed for securing and monitoring enterprise computing environments. We have previously proposed the idea of monitoring the security-state of large-scale commodity clusters by examining their emergent properties, that is, properties that are only visible when one ceases to look at a cluster as a collection of disparate nodes and begins to look at the properties of the cluster as a whole. We show that by correlating the open network ports observed on cluster nodes with other emergent properties - such as active processes and the contents of important system files - security analysts can make insightful observations that can greatly restrict the actions that an attacker can carry out undetected.