{"id":13166,"date":"2021-12-06T19:26:37","date_gmt":"2021-12-07T00:26:37","guid":{"rendered":"https:\/\/carleton.ca\/scs\/?page_id=13166"},"modified":"2026-06-02T14:59:24","modified_gmt":"2026-06-02T18:59:24","slug":"tr-06-06-exposure-maps-removing-reliance-on-attribution-during-scan-detection","status":"publish","type":"page","link":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/tr-06-06-exposure-maps-removing-reliance-on-attribution-during-scan-detection\/","title":{"rendered":"TR-06-06: Exposure Maps: Removing Reliance on Attribution During Scan Detection"},"content":{"rendered":"\n
\n
\n\n
\n
\n
\n

\n TR-06-06: Exposure Maps: Removing Reliance on Attribution During Scan Detection\n <\/h1>\n \n \n <\/header>\n\n <\/div>\n\n <\/div>\n\n <\/div>\n<\/section>\n\n

Carleton University
\nTechnical Report<\/a> TR-06-06
\nApril 19, 2006<\/p>\n\n\n\n

Exposure Maps: Removing Reliance on Attribution During Scan Detection<\/h2>\n\n\n\n
\n
\n
\n
\n
\n
\n
\n
\n
\n

David Whyte, P.C. Van Oorschot, Evangelos Kranakis<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n

\n

Abstract<\/h3>\n

Current scanning detection algorithms are based on an underlying assumption that scanning activity can be attributed to a meaningful specific source (i.e. the root cause or scan controller). Sophisticated scanning activity including the use of botnets, idle scanning, and throwaway systems violates this fundamental assumption. We propose that scanning detection algorithms should focus on what is being scanned for instead of who is performing the scanning. We pursue this idea, introduce the concept of exposure maps, and report on a preliminary proof-of-concept that allows one to: (1) estimate the information or exposures revealed to an adversary as a result of scanning activity, (2) detect sophisticated or targeted scanning activity with a footprint as low as a single packet or event, and (3) discover real-time changes in network exposures that may be indicative of a successful attack.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n

TR-06-06.pdf<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Carleton University Technical Report TR-06-06 April 19, 2006 Exposure Maps: Removing Reliance on Attribution During Scan Detection David Whyte, P.C. Van Oorschot, Evangelos Kranakis Abstract Current scanning detection algorithms are based on an underlying assumption that scanning activity can be attributed to a meaningful specific source (i.e. the root cause or scan controller). Sophisticated scanning […]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":12352,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_cu_dining_location_slug":"","footnotes":"","_links_to":"","_links_to_target":""},"cu_page_type":[],"class_list":["post-13166","page","type-page","status-publish","hentry"],"acf":{"cu_post_thumbnail":false},"_links":{"self":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13166","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/comments?post=13166"}],"version-history":[{"count":1,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13166\/revisions"}],"predecessor-version":[{"id":13167,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13166\/revisions\/13167"}],"up":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/12352"}],"wp:attachment":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/media?parent=13166"}],"wp:term":[{"taxonomy":"cu_page_type","embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/cu_page_type?post=13166"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}