TY - GEN
T1 - A search engine backed by Internet-wide scanning
AU - Durumeric, Zakir
AU - Adrian, David
AU - Mirian, Ariana
AU - Bailey, Michael
AU - Halderman, J. Alex
N1 - The authors thank Ben Burgess, Alishah Chator, Henry Fanson, and Harsha Gotur for their help building Censys. We thank the exceptional sysadmins at the University of Michigan for their help and support throughout this project, including Chris Brenner, Kevin Cheek, Laura Fink, Dan Maletta, Jeff Richardson, Donald Welch, Don Winsor, and others from ITS, CAEN, and DCO. We are extremely grateful to Elie Bursztein and the Google Anti-abuse team for their support and advice, without whose help this project would not have been possible. We also thank Brad Campbell, Aleksander Durumeric, James Kasten, Kyle Lady, Adam Langley, HD Moore, Pat Pannuto, Paul Pearce, Niels Provos, Mark Schloesser, Eric Wustrow, our anonymous reviewers for valuable feedback, and the many contributors to the ZMap and ZGrab open source projects. This material is based upon work supported by the National Science Foundation under grants CNS-1111699, CNS-1255153, CNS-1345254, CNS-1409505, CNS-1409758, and CNS-1518741, by the Google Ph.D. Fellowship in Computer Security, by the Morris Wellman Faculty Development Assistant Professorship, and by an Alfred P. Sloan Foundation Research Fellowship.
PY - 2015/10/12
Y1 - 2015/10/12
N2 - Fast Internet-wide scanning has opened new avenues for security research, ranging from uncovering widespread vulnerabilities in random number generators to tracking the evolving impact of Heartbleed. However, this technique still requires significant effort: even simple questions, such as, "What models of embedded devices prefer CBC ciphers?", require developing an application scanner, manually identifying and tagging devices, negotiating with network administrators, and responding to abuse complaints. In this paper, we introduce Censys, a public search engine and data processing facility backed by data collected from ongoing Internet-wide scans. Designed to help researchers answer security-related questions, Censys supports full-text searches on protocol banners and querying a wide range of derived fields (e.g., 443.https.cipher). It can identify specific vulnerable devices and networks and generate statistical reports on broad usage patterns and trends. Censys returns these results in sub-second time, dramatically reducing the effort of understanding the hosts that comprise the Internet. We present the search engine architecture and experimentally evaluate its performance. We also explore Censys's applications and show how questions asked in recent studies become simple to answer.
UR - http://www.scopus.com/inward/record.url?scp=84954147468&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84954147468&partnerID=8YFLogxK
U2 - 10.1145/2810103.2813703
DO - 10.1145/2810103.2813703
M3 - Conference contribution
AN - SCOPUS:84954147468
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 542
EP - 553
BT - CCS 2015 - Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security
PB - Association for Computing Machinery
T2 - 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015
Y2 - 12 October 2015 through 16 October 2015
ER -