Exploring Boundaries Between Organizations via IPv4 Scan Data

Hsu, Amanda

Permalink

https://hdl.handle.net/2142/110320 Copy

Description

Title

Exploring Boundaries Between Organizations via IPv4 Scan Data

Author(s)

Hsu, Amanda

Contributor(s)

Caesar, Matthew

Issue Date

2021-05

Keyword(s)

• cybersecurity
• organizations
• internet scanning

Abstract

Attack Surface Management (ASM) is an increasingly popular solutions service that uses external perspectives on an organization’s online resources to address a variety of cybersecurity challenges. However, one of the most challenging parts of this service is determining which hosts belong to a particular organization. This thesis proposes a new technique to identify which IP address blocks belong to a specific organization. We calculate the entropy between various characteristics of grouped hosts within an organization to develop a unique, comparable, organization fingerprint. Then, we use the fingerprint to predict whether another netblock will belong to the organization. To do this, we examine WHOIS registrations in bulk from ARIN, the North American Regional Internet Registry (RIR), in comparison with host scanning data from Censys. Through this process, we explore the boundaries between organizations. That is, we determine what IP host characteristics (such as protocols, autonomous system, and location) are most important in creating a unique, distinct, organization fingerprint. Additionally, we prove that scan data is a reliable source of data to identify an organization's attack surface. We develop a scoring metric to determine how similar a particular netblock is to an organization where low scores indicate a netblock that belongs to the organization and high scores indicate the netblock is not related to the organization. Finally, we prove our methodology is reliable with 97% success in our results.

Type of Resource

text

Language

en

Permalink

http://hdl.handle.net/2142/110320

Owning Collections