CSCI seminar series: A Novel Permutational Sampling Technique for Cooperative Network Scanning
12:00 PM - 01:00 PM, Room Number: 800 (Mac Lab)
Lawrence Street Center
1380 Lawrence Street
Kuntal Das "A Novel Permutational Sampling Technique for Cooperative Network Scanning"
Kuntal is a master's student and a member of the Active Cyber and Infrastructure Defense (ACID) Lab. His research covers discovering novel approaches to various problems in cybersecurity, building lightweight cryptographic protocols that use out-of-the-box mathematics to challenge the established ones, and building new mechanisms for detecting, deterring and preventing smart intruders through cyber deception.
Random IP address scanning is a seminal network reconnaissance technique, used by port scanners to discover machines and by malware for target or peer discovery. Among various random sampling techniques for scanning, cooperative or permutational scanning achieves the highest efficiency by allowing scanning agents to collaboratively ensure that every address in the target range is scanned only once, thus minimizing the overall scanning time and footprint (number of scans). Yet no practical distributed mechanism for no-repetition sampling has been proposed in the literature, and existing approaches only strive to minimize the repetition. In this paper, by relying on a unique property of primitive roots of prime numbers, we propose a practical distributed permutational sampling method that enables a group of agents to cooperatively scan an IPv4 address space without even a single repetition and with very low execution time. Through analytical modeling and simulation, we show that our approach significantly outperforms existing scanning techniques in reducing the scanning time and especially the scanning footprint. We also show that our approach achieves high pseudo-randomness (entropy) and robustness against brute-force guessing attacks. We also discuss potential defensive countermeasures against this approach for both fast high-rate and stealthy low-rate scanning.