IPv6 active address discovery algorithm based on multi-level classification and space modeling

LI Guo; HE Lin; SONG Guanglei; WANG Zhiliang; YANG Jiahai; LIN Jinlei; GAO Hao

doi:10.16511/j.cnki.qhdxxb.2021.22.017

PDF(3593 KB)

Journal of Tsinghua University(Science and Technology) ›› 2021, Vol. 61 ›› Issue (10) : 1177-1185. DOI: 10.16511/j.cnki.qhdxxb.2021.22.017

COMPUTER SCIENCE AND TECHNOLOGY

IPv6 active address discovery algorithm based on multi-level classification and space modeling

{{article.zuoZhe_EN}}

Author information +

History +

Abstract

The enormous IPv6 address space makes it impossible to apply traditional IPv4 brute-force scanning for IPv6 active address discovery. This paper presents an IPv6 address discovery algorithm based on multi-level classification and space modeling. The multi-level classification algorithm uses multi-dimensional information for fine-grained division of the seed addresses. The space modeling uses four representation strategies to model any address set with pattern representation used to balance the low detection efficiency caused by the large modeling space and the sample error caused by the small modeling space. New active IPv6 addresses can be discovered by heuristic traversal of the pattern representation. Tests show that this address discovery algorithm has a higher hit rate than previous methods and verifies that the fine-grained division of the seed address improves the hit rate of the address discovery algorithm.

Key words

IPv6 / network measurements / scanning / address discovery / address classification

Cite this article

EndNote

Ris (Procite)

Bibtex

Download Citations

LI Guo, HE Lin, SONG Guanglei, WANG Zhiliang, YANG Jiahai, LIN Jinlei, GAO Hao. IPv6 active address discovery algorithm based on multi-level classification and space modeling[J]. Journal of Tsinghua University(Science and Technology). 2021, 61(10): 1177-1185 https://doi.org/10.16511/j.cnki.qhdxxb.2021.22.017

References

[1] DURUMERIC Z, WUSTROW E, HALDERMAN J A. ZMap:Fast Internet-wide scanning and its security applications[C]//Proceedings of the 22nd USENIX Conference on Security (SEC'13). Washington DC, USA, 2013:605-620.
[2] ULLRICH J, KIESEBERG P, KROMBHOLZ K, et al. On reconnaissance with IPv6:A pattern-based scanning approach[C]//10th International Conference on Availability, Reliability and Security (ARES). Toulouse, France, 2015:186-192.
[3] FOREMSKI P, PLONKA D, BERGER A. Entropy/IP:Uncovering structure in IPv6 addresses[C]//Proceedings of the 2016 Internet Measurement Conference. Santa Monica, USA, 2016:167-181.
[4] MURDOCK A, LI F, BRAMSEN P, et al. Target generation for Internet-wide IPv6 scanning[C]//Proceedings of the 2017 Internet Measurement Conference. London, UK, 2017:242-253.
[5] GASSER O, SCHEITLE Q, FOREMSKI P, et al. Clusters in the expanse:Understanding and unbiasing IPv6 hitlists[C]//Internet Measurement Conference (IMC). Boston, USA, 2018:364-378.
[6] LIU Z Z, XIONG Y Q, LIU X, et al. 6Tree:Efficient dynamic discovery of active addresses in the IPv6 address space[J]. Computer Networks, 2019, 155:31-46.
[7] SONG G L, HE L, WANG Z L, et al. Towards the construction of global IPv6 hitlist and efficient probing of IPv6 address space[C]//International Symposium on Quality of Service (IWQoS). Hangzhou, China, 2020:1-10.
[8] NMAP. Top 20 and 200 most scanned ports in the cybersecurity industry[Z/OL].[2021-01-15]. https://nmap.org/book/port-scanning.html#most-popular-ports.
[9] PLONKA D, BERGER A. Temporal and spatial classification of active IPv6 addresses[C]//Internet Measurement Conference (IMC). Tokyo, Japan, 2015:509-522.
[10] RICHTER P, SMARAGDAKIS G, PLONKA D, et al. Beyond counting:New perspectives on the active IPv4 address space[C]//Internet Measurement Conference (IMC). Santa Monica, USA, 2016:135-149.
[11] MCINNES L, HEALY J, ASTELS S. hdbscan:Hierarchical density based clustering[J]. The Journal of Open Source Software, 2017, 2(11):205.
[12] GASSER O, SCHEITLE Q, GEBHARD S, et al. Scanning the IPv6 Internet:Towards a comprehensive hitlist[C]//Proceeding of the 8th International Workshop on Traffic Monitoring and Analysis (TMA). Louvain-la-Neuve, Belgium, 2016:1-8.
[13] NMAP. Nmap:The network mapper[Z/OL].[2021-01-15]. https://nmap.org.
[14] PYASN. PYASN[Z/OL].[2020-12-24]. https://github.com/hadiasghari/pyasn.