Go to DBLP homepage6Subpattern: Target Generation Based on Subpattern Analysis for Internet-Wide IPv6 Scanning
Abstract: IP scanning is crucial for network management and security. However, the brute-force scanning is infeasible in IPv6 networks due to the vast address space. Consequently, target generation algorithms (TGAs) have become necessary to address this issue. Nevertheless, existing algorithms often struggle with low hit rates due to coarse-grained pattern mining. To address this problem, we propose 6Subpattern, a target generation algorithm based on subpattern analysis for Internet-wide IPv6 scanning. 6Subpattern first clusters seeds into high-density regions according to the seed structure information. Subsequently, pattern mining and subpattern analysis are carried out in these regions. Different from previous works, 6Subpattern can obtain all fine-grained patterns while automatically avoiding the influence of outlier addresses and the quandary of setting heuristic thresholds through subpattern analysis. Moreover, pattern refining is conducted based on the distribution of nibbles in address regions to further narrow the scanning space. Finally, targets are effectively generated according to the density of the patterns. Experimental results on real-world networks demonstrate that the address patterns discovered by 6Subpattern provide a superior scanning space than existing algorithms. Further results of hit rates on nine candidate seed sets reveal that 6Subpattern can achieve a 53%-315% improvement over the static TGAs on all seed sets and achieve a 15%-25% improvement on all randomly sampled seed sets compared with dynamic TGAs in Internet-wide IPv6 scanning.
Loading