{"id":13166,"date":"2021-12-06T19:26:37","date_gmt":"2021-12-07T00:26:37","guid":{"rendered":"https:\/\/carleton.ca\/scs\/?page_id=13166"},"modified":"2021-12-06T19:26:37","modified_gmt":"2021-12-07T00:26:37","slug":"tr-06-06-exposure-maps-removing-reliance-on-attribution-during-scan-detection","status":"publish","type":"page","link":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/tr-06-06-exposure-maps-removing-reliance-on-attribution-during-scan-detection\/","title":{"rendered":"TR-06-06: Exposure Maps: Removing Reliance on Attribution During Scan Detection"},"content":{"rendered":"<p>Carleton University<br \/>\n<a href=\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/\">Technical Report<\/a> TR-06-06<br \/>\nApril 19, 2006<\/p>\n<h2>Exposure Maps: Removing Reliance on Attribution During Scan Detection<\/h2>\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<p class=\"tr_t3\">David Whyte, P.C. Van Oorschot, Evangelos Kranakis<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div>\n<h3>Abstract<\/h3>\n<p>Current scanning detection algorithms are based on an underlying assumption that scanning activity can be attributed to a meaningful specific source (i.e. the root cause or scan controller). Sophisticated scanning activity including the use of botnets, idle scanning, and throwaway systems violates this fundamental assumption. We propose that scanning detection algorithms should focus on what is being scanned for instead of who is performing the scanning. We pursue this idea, introduce the concept of exposure maps, and report on a preliminary proof-of-concept that allows one to: (1) estimate the information or exposures revealed to an adversary as a result of scanning activity, (2) detect sophisticated or targeted scanning activity with a footprint as low as a single packet or event, and (3) discover real-time changes in network exposures that may be indicative of a successful attack.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p><a href=\"https:\/\/carleton.ca\/scs\/wp-content\/uploads\/TR-06-06.pdf\">TR-06-06.pdf<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Carleton University Technical Report TR-06-06 April 19, 2006 Exposure Maps: Removing Reliance on Attribution During Scan Detection David Whyte, P.C. Van Oorschot, Evangelos Kranakis Abstract Current scanning detection algorithms are based on an underlying assumption that scanning activity can be attributed to a meaningful specific source (i.e. the root cause or scan controller). Sophisticated scanning [&hellip;]<\/p>\n","protected":false},"author":49,"featured_media":0,"parent":12352,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","_mi_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":"","_links_to":"","_links_to_target":""},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>TR-06-06: Exposure Maps: Removing Reliance on Attribution During Scan Detection - School of Computer Science<\/title>\n<meta name=\"description\" content=\"Carleton University Technical Report TR-06-06 April 19, 2006 Exposure Maps: Removing Reliance on Attribution During Scan Detection David Whyte, P.C. Van\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/tr-06-06-exposure-maps-removing-reliance-on-attribution-during-scan-detection\/\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/tr-06-06-exposure-maps-removing-reliance-on-attribution-during-scan-detection\/\",\"url\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/tr-06-06-exposure-maps-removing-reliance-on-attribution-during-scan-detection\/\",\"name\":\"TR-06-06: Exposure Maps: Removing Reliance on Attribution During Scan Detection - School of Computer Science\",\"isPartOf\":{\"@id\":\"https:\/\/carleton.ca\/scs\/#website\"},\"datePublished\":\"2021-12-07T00:26:37+00:00\",\"dateModified\":\"2021-12-07T00:26:37+00:00\",\"description\":\"Carleton University Technical Report TR-06-06 April 19, 2006 Exposure Maps: Removing Reliance on Attribution During Scan Detection David Whyte, P.C. Van\",\"breadcrumb\":{\"@id\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/tr-06-06-exposure-maps-removing-reliance-on-attribution-during-scan-detection\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/tr-06-06-exposure-maps-removing-reliance-on-attribution-during-scan-detection\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/tr-06-06-exposure-maps-removing-reliance-on-attribution-during-scan-detection\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/carleton.ca\/scs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Research\",\"item\":\"https:\/\/carleton.ca\/scs\/research\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"SCS Technical Reports\",\"item\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Technical Reports 2006\",\"item\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"TR-06-06: Exposure Maps: Removing Reliance on Attribution During Scan Detection\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/carleton.ca\/scs\/#website\",\"url\":\"https:\/\/carleton.ca\/scs\/\",\"name\":\"School of Computer Science\",\"description\":\"Carleton University\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/carleton.ca\/scs\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"TR-06-06: Exposure Maps: Removing Reliance on Attribution During Scan Detection - School of Computer Science","description":"Carleton University Technical Report TR-06-06 April 19, 2006 Exposure Maps: Removing Reliance on Attribution During Scan Detection David Whyte, P.C. Van","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/tr-06-06-exposure-maps-removing-reliance-on-attribution-during-scan-detection\/","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/tr-06-06-exposure-maps-removing-reliance-on-attribution-during-scan-detection\/","url":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/tr-06-06-exposure-maps-removing-reliance-on-attribution-during-scan-detection\/","name":"TR-06-06: Exposure Maps: Removing Reliance on Attribution During Scan Detection - School of Computer Science","isPartOf":{"@id":"https:\/\/carleton.ca\/scs\/#website"},"datePublished":"2021-12-07T00:26:37+00:00","dateModified":"2021-12-07T00:26:37+00:00","description":"Carleton University Technical Report TR-06-06 April 19, 2006 Exposure Maps: Removing Reliance on Attribution During Scan Detection David Whyte, P.C. Van","breadcrumb":{"@id":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/tr-06-06-exposure-maps-removing-reliance-on-attribution-during-scan-detection\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/tr-06-06-exposure-maps-removing-reliance-on-attribution-during-scan-detection\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/tr-06-06-exposure-maps-removing-reliance-on-attribution-during-scan-detection\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/carleton.ca\/scs\/"},{"@type":"ListItem","position":2,"name":"Research","item":"https:\/\/carleton.ca\/scs\/research\/"},{"@type":"ListItem","position":3,"name":"SCS Technical Reports","item":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/"},{"@type":"ListItem","position":4,"name":"Technical Reports 2006","item":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/"},{"@type":"ListItem","position":5,"name":"TR-06-06: Exposure Maps: Removing Reliance on Attribution During Scan Detection"}]},{"@type":"WebSite","@id":"https:\/\/carleton.ca\/scs\/#website","url":"https:\/\/carleton.ca\/scs\/","name":"School of Computer Science","description":"Carleton University","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/carleton.ca\/scs\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"acf":{"banner_image_type":"none","banner_button":"no"},"_links":{"self":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13166"}],"collection":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/users\/49"}],"replies":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/comments?post=13166"}],"version-history":[{"count":1,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13166\/revisions"}],"predecessor-version":[{"id":13167,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13166\/revisions\/13167"}],"up":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/12352"}],"wp:attachment":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/media?parent=13166"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}