Analysis of port scanning attacks

Yu Zhang, Purdue University

Abstract

In this research, we present theoretical models and practical solutions to model and analyze collaborative attacks, with a focus on port scanning attacks and malware propagation. We study malware propagation and present results that help understand the effects of Multi-port scanning, Multi-threading, Infection time, Multiple starting points, and Collaboration (MMIMC) on malware propagation. This research quantitatively measures the effects of MMIMC on infected hosts. Experimental results show that the above issues significantly affect malware propagation and verify our analysis. We discuss architectures, policies, and allocation schemes for collaborative attackers. We present a fast DHT-based collaborative attack scheme that aims to eliminate duplicate attacks, minimize contention, and significantly increase the attack speed. We propose different collaboration strategies and analyze their advantages and disadvantages. We discuss the static, dynamic, and hybrid target selection and allocation schemes. We present the algorithm details and discuss the stop and revisit policies for collaborative attackers. Our experimental results suggest that collaborative attacks can significantly outperform individual attackers, and provide insights into many design and implementation issues.

Degree

Ph.D.

Advisors

Bhargava, Purdue University.

Subject Area

Computer science
