IPv6 active address discovery algorithm based on multi-level classification and space modeling
LI Guo1, HE Lin1, SONG Guanglei1, WANG Zhiliang1,2, YANG Jiahai1,2,3, LIN Jinlei1, GAO Hao1
1. Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing 100084, China; 2. Beijing National Research Center for Information Science and Technology, Beijing 100084, China; 3. Peng Cheng Laboratory, Shenzhen 518000, China
Abstract:The enormous IPv6 address space makes it impossible to apply traditional IPv4 brute-force scanning for IPv6 active address discovery. This paper presents an IPv6 address discovery algorithm based on multi-level classification and space modeling. The multi-level classification algorithm uses multi-dimensional information for fine-grained division of the seed addresses. The space modeling uses four representation strategies to model any address set with pattern representation used to balance the low detection efficiency caused by the large modeling space and the sample error caused by the small modeling space. New active IPv6 addresses can be discovered by heuristic traversal of the pattern representation. Tests show that this address discovery algorithm has a higher hit rate than previous methods and verifies that the fine-grained division of the seed address improves the hit rate of the address discovery algorithm.
李果, 何林, 宋光磊, 王之梁, 杨家海, 林金磊, 高浩. 基于多层级分类和空间建模的IPv6活跃地址发现算法[J]. 清华大学学报(自然科学版), 2021, 61(10): 1177-1185.
LI Guo, HE Lin, SONG Guanglei, WANG Zhiliang, YANG Jiahai, LIN Jinlei, GAO Hao. IPv6 active address discovery algorithm based on multi-level classification and space modeling. Journal of Tsinghua University(Science and Technology), 2021, 61(10): 1177-1185.
[1] DURUMERIC Z, WUSTROW E, HALDERMAN J A. ZMap:Fast Internet-wide scanning and its security applications[C]//Proceedings of the 22nd USENIX Conference on Security (SEC'13). Washington DC, USA, 2013:605-620. [2] ULLRICH J, KIESEBERG P, KROMBHOLZ K, et al. On reconnaissance with IPv6:A pattern-based scanning approach[C]//10th International Conference on Availability, Reliability and Security (ARES). Toulouse, France, 2015:186-192. [3] FOREMSKI P, PLONKA D, BERGER A. Entropy/IP:Uncovering structure in IPv6 addresses[C]//Proceedings of the 2016 Internet Measurement Conference. Santa Monica, USA, 2016:167-181. [4] MURDOCK A, LI F, BRAMSEN P, et al. Target generation for Internet-wide IPv6 scanning[C]//Proceedings of the 2017 Internet Measurement Conference. London, UK, 2017:242-253. [5] GASSER O, SCHEITLE Q, FOREMSKI P, et al. Clusters in the expanse:Understanding and unbiasing IPv6 hitlists[C]//Internet Measurement Conference (IMC). Boston, USA, 2018:364-378. [6] LIU Z Z, XIONG Y Q, LIU X, et al. 6Tree:Efficient dynamic discovery of active addresses in the IPv6 address space[J]. Computer Networks, 2019, 155:31-46. [7] SONG G L, HE L, WANG Z L, et al. Towards the construction of global IPv6 hitlist and efficient probing of IPv6 address space[C]//International Symposium on Quality of Service (IWQoS). Hangzhou, China, 2020:1-10. [8] NMAP. Top 20 and 200 most scanned ports in the cybersecurity industry[Z/OL].[2021-01-15]. https://nmap.org/book/port-scanning.html#most-popular-ports. [9] PLONKA D, BERGER A. Temporal and spatial classification of active IPv6 addresses[C]//Internet Measurement Conference (IMC). Tokyo, Japan, 2015:509-522. [10] RICHTER P, SMARAGDAKIS G, PLONKA D, et al. Beyond counting:New perspectives on the active IPv4 address space[C]//Internet Measurement Conference (IMC). Santa Monica, USA, 2016:135-149. [11] MCINNES L, HEALY J, ASTELS S. hdbscan:Hierarchical density based clustering[J]. The Journal of Open Source Software, 2017, 2(11):205. [12] GASSER O, SCHEITLE Q, GEBHARD S, et al. Scanning the IPv6 Internet:Towards a comprehensive hitlist[C]//Proceeding of the 8th International Workshop on Traffic Monitoring and Analysis (TMA). Louvain-la-Neuve, Belgium, 2016:1-8. [13] NMAP. Nmap:The network mapper[Z/OL].[2021-01-15]. https://nmap.org. [14] PYASN. PYASN[Z/OL].[2020-12-24]. https://github.com/hadiasghari/pyasn.