Files in this item



application/pdfSP21-ECE499-Thesis-Hsu, Amanda.pdf (852kB)Restricted to U of Illinois
(no description provided)PDF


Title:Exploring Boundaries Between Organizations via IPv4 Scan Data
Author(s):Hsu, Amanda
Contributor(s):Caesar, Matthew
Degree:B.S. (bachelor's)
internet scanning
Abstract:Attack Surface Management (ASM) is an increasingly popular solutions service that uses external perspectives on an organization’s online resources to address a variety of cybersecurity challenges. However, one of the most challenging parts of this service is determining which hosts belong to a particular organization. This thesis proposes a new technique to identify which IP address blocks belong to a specific organization. We calculate the entropy between various characteristics of grouped hosts within an organization to develop a unique, comparable, organization fingerprint. Then, we use the fingerprint to predict whether another netblock will belong to the organization. To do this, we examine WHOIS registrations in bulk from ARIN, the North American Regional Internet Registry (RIR), in comparison with host scanning data from Censys. Through this process, we explore the boundaries between organizations. That is, we determine what IP host characteristics (such as protocols, autonomous system, and location) are most important in creating a unique, distinct, organization fingerprint. Additionally, we prove that scan data is a reliable source of data to identify an organization's attack surface. We develop a scoring metric to determine how similar a particular netblock is to an organization where low scores indicate a netblock that belongs to the organization and high scores indicate the netblock is not related to the organization. Finally, we prove our methodology is reliable with 97% success in our results.
Issue Date:2021-05
Genre:Dissertation / Thesis
Date Available in IDEALS:2021-08-12

This item appears in the following Collection(s)

Item Statistics