Iteratively Detecting Collaborative Scanner Fingerprints

An Iterative Approach to Identifying Fingerprints using Stratified Sampling


Abstract

The first step of many cyber attacks is the reconnaissance phase. One of many reconnaissance methods employed by adversaries is internet-wide scanning, which
probes the entire internet to find which hosts have open ports. These scans are practically
impossible for a firewall or Intrusion Detection System to detect if an attacker chooses to
distribute the scan over multiple hosts. Many of these scans embed a fingerprint in their
packets, which can easily be detected once it is known. Previous studies have developed
an algorithm that is able to identify these fingerprints, but it was not able to identify
fingerprints for a large portion of their data. This study proposes an iterative approach
using stratified sampling, in order to see how this affects accuracy. An experiment showed
that the algorithm is able to identify fingerprints for sets of packets that make up less than
0.5% of all packets and less than 0.0001% of sources. Analysis of the fingerprinted groups
indicated that these groups are not part of a collaborative scanner, but share the same
fingerprint by coincidence.
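The following Python script is an added illustration of the idea sketched in the abstract; it is not the thesis's own code or data. It assumes a simplified notion of a fingerprint (a header field value, IP ID or TCP sequence number, shared by at least `min_sources` distinct source addresses), stratifies the sample by destination port with equal allocation per stratum, and iterates: fingerprints found on one sample are removed from the traffic before the next sample is drawn, so dominant groups stop crowding out small ones. The traffic is constructed inline: a scanner whose 40 sources share ZMap's constant IP ID 54321, a scanner whose 8 sources send 50 probes (under 0.5% of packets) with a constant sequence number to a single port, and 8000 unrelated sources, 400 of which carry IP ID 0. That last group is flagged too, although nothing coordinates it, which is the coincidental-fingerprint caveat the abstract reports: a shared value is a hypothesis about collaboration, not proof of it. The per-stratum size, the source threshold and the field list are assumed parameters.

```python
"""Iterative, stratified-sample fingerprint identification for scan traffic.

Added illustration, not the thesis code. Assumes a fingerprint is a header
field value shared by many distinct sources, and strata = destination port.
"""
import random
from collections import defaultdict
from typing import NamedTuple


class Packet(NamedTuple):
    src: str      # source address
    dst: str      # destination address
    dport: int    # destination port, used as the stratum
    ip_id: int    # IP identification field
    seq: int      # TCP initial sequence number


FIELDS = ("ip_id", "seq")  # header fields searched for shared constants (assumed)


def stratified_sample(packets, rng, per_stratum=200):
    """Draw up to per_stratum packets from every destination-port stratum.

    Equal allocation samples a tiny port-specific scanner as thoroughly as the
    busiest port; a simple random sample of the same size would rarely hit it.
    """
    strata = defaultdict(list)
    for p in packets:
        strata[p.dport].append(p)
    sample = []
    for members in strata.values():
        sample.extend(rng.sample(members, min(per_stratum, len(members))))
    return sample


def candidate_fingerprints(sample, min_sources=5):
    """(field, value) pairs seen from at least min_sources distinct sources."""
    sources = defaultdict(set)
    for p in sample:
        for field in FIELDS:
            sources[(field, getattr(p, field))].add(p.src)
    return sorted(fv for fv, srcs in sources.items() if len(srcs) >= min_sources)


def identify_iteratively(packets, seed=0, per_stratum=200, min_sources=5, max_rounds=10):
    """Find fingerprints on a sample, strip the packets they cover, repeat.

    Returns (found, remaining): one dict per fingerprint with its coverage as a
    share of all packets and of all sources, plus the unexplained packets.
    """
    rng = random.Random(seed)
    total_packets = len(packets)
    total_sources = len({p.src for p in packets})
    remaining = list(packets)
    found = []
    for rnd in range(1, max_rounds + 1):
        candidates = candidate_fingerprints(
            stratified_sample(remaining, rng, per_stratum), min_sources)
        new = False
        for field, value in candidates:
            matched = [p for p in remaining if getattr(p, field) == value]
            if not matched:          # already covered by an earlier candidate
                continue
            new = True
            remaining = [p for p in remaining if getattr(p, field) != value]
            srcs = {p.src for p in matched}
            found.append({"round": rnd, "field": field, "value": value,
                          "packets": len(matched), "sources": len(srcs),
                          "packet_share": len(matched) / total_packets,
                          "source_share": len(srcs) / total_sources})
        if not new:                  # nothing left that the sample can explain
            break
    return found, remaining


def constructed_packets(seed=1):
    """Constructed traffic (not real data): two collaborative scanners plus noise."""
    rng = random.Random(seed)
    pkts = []

    def rand_dst():
        return ".".join(str(rng.randrange(256)) for _ in range(4))

    # Scanner A: 40 sources sharing ZMap's constant IP ID 54321, 3000 probes.
    for k in range(3000):
        pkts.append(Packet(f"10.1.{k % 40}.1", rand_dst(), rng.choice((22, 80, 443)),
                           54321, rng.randrange(1 << 24, 1 << 32)))
    # Scanner B: 8 sources sharing a constant TCP sequence number, only 50 probes,
    # all to one port: under 0.5% of all packets.
    for k in range(50):
        pkts.append(Packet(f"10.2.{k % 8}.1", rand_dst(), 8443,
                           rng.randrange(1, 54321), 0xC0FFEE))
    # Background: 8000 distinct unrelated sources with random fields. Every 20th
    # carries IP ID 0 (a value unrelated stacks also emit), so it will be grouped
    # although no scanner coordinates it. Random ranges avoid the scanners'
    # constants so the group sizes are exact.
    for k in range(8000):
        pkts.append(Packet(f"100.{(k >> 8) & 255}.{k & 255}.1", rand_dst(),
                           rng.choices((22, 80, 443, 3389, 8443), weights=(30, 30, 30, 9, 1))[0],
                           0 if k % 20 == 0 else rng.randrange(1, 54321),
                           rng.randrange(1 << 24, 1 << 32)))
    rng.shuffle(pkts)
    return pkts


if __name__ == "__main__":
    found, remaining = identify_iteratively(constructed_packets())
    for f in found:
        print(f"round {f['round']}: {f['field']}={f['value']} packets={f['packets']} "
              f"({f['packet_share']:.2%}) sources={f['sources']} ({f['source_share']:.3%})")
    print(f"{len(remaining)} packets unexplained")
```

The three groups the script reports have very different meanings: the IP ID 54321 and sequence-number groups are the constructed collaborative scanners, while the IP ID 0 group is 400 independent hosts. Whether a fingerprinted group is really one distributed scanner therefore needs a second check, for example whether its sources sweep disjoint slices of the address space or share timing, before it is treated as collaboration.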