Abstract
Given multiple independent access logs, we try to identify how many malicious hosts there are in the Internet. Our model of the number of malicious hosts is formalized as a function taking two inputs: the duration of sensing and the number of sensors. Under some simplifying assumptions, by fitting the function to the experimental data observed for three sensors over 13 weeks, we identify the size of the set of malicious hosts and the average number of scans they perform routinely. The main results of our study are as follows: the total number of malicious hosts that periodically perform port-scans is from 4,900 to 96,000, the malicious host density is about 1 out of 15,000 hosts, and an average malicious host performs 78 port-scans per second.
Copyright information
© 2007 Springer Berlin Heidelberg
About this paper
Cite this paper
Kikuchi, H., Terada, M. (2007). How Many Malicious Scanners Are in the Internet?. In: Lee, J.K., Yi, O., Yung, M. (eds) Information Security Applications. WISA 2006. Lecture Notes in Computer Science, vol 4298. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71093-6_29
DOI: https://doi.org/10.1007/978-3-540-71093-6_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-71092-9
Online ISBN: 978-3-540-71093-6
eBook Packages: Computer Science (R0)