国際会議ICBIR2025でM2 鹿内さんが発表しました.
2025年5月22日(木)・23日(日)にタイの Thai-Nichi Institute of Technology (泰日工業大学) で開催された国際会議 2025 10th International Conference on Business and Industrial Research (ICBIR2025) において,修士2年生の鹿内 嵩天さんが以下の研究発表を行いました.
- Characterizing Internet-Wide Research Scanning in Darknet Traffic Through Comparative Analysis of Detection Methods
- Takuma Shikanai, Hiroshi Tsunoda
- 2025 10th International Conference on Business and Industrial Research (ICBIR), May 2025
- Abstract: Darknet refers to reachable but unused IP address spaces, capturing only suspicious traffic distributed to unspecified multiple targets. Analyzing this traffic is crucial for understanding cyberattack trends on the Internet. In recent years, the increasing traffic caused by Internet-wide research scanning activity has become an obstacle in distinguishing cyberattack patterns in darknet traffic. Therefore, identifying and filtering research scanning traffic is important, and several methods have been proposed to remove the sources of research scanning traffic. However, there has been no comparative analysis of such metrics. In this paper, we apply different metrics to real darknet traffic data, visualize the results, and analyze the characteristics and limitations of each metric. Furthermore, we investigate networks that were not identified as conducting research scanning yet exhibit similar behavioral patterns, focusing on two specific cases: networks that narrowly miss the identification thresholds within a single day, and networks that demonstrate slow-scanning patterns over extended periods. Our analysis reveals that while current metrics effectively detect large-scale scanning activities, they may overlook certain scanning patterns, particularly those distributed across multiple hosts or conducted over extended periods. These findings highlight the need for new identification methods to better understand the full scope of Internet-wide research scanning activities.