Entropy/IP: Uncovering Structure in IPv6 Addresses

June 14, 2016 ยท Entered Twilight ยท ๐Ÿ› ACM/SIGCOMM Internet Measurement Conference

๐ŸŒ… TWILIGHT: Old Age
Predates the code-sharing era โ€” a pioneer of its time

"No code URL or promise found in abstract"
"Code repo scraped from project page (backfill)"

Evidence collected by the PWNC Scanner

Repo contents: ALL.sh, LICENSE, README.md, a1-segments.py, a2-mining.py, a3-encode.py, a4-bayes-prepare.sh, a5-bayes.sh, b1-webreport.sh, bin, c1-gen.py, c2-decode.py, css, js

Authors Pawel Foremski, David Plonka, Arthur Berger arXiv ID 1606.04327 Category cs.NI: Networking & Internet Cross-listed cs.AI, cs.IT Citations 107 Venue ACM/SIGCOMM Internet Measurement Conference Repository https://github.com/akamai/entropy-ip โญ 27 Last Checked 1 month ago
Abstract
In this paper, we introduce Entropy/IP: a system that discovers Internet address structure based on analyses of a subset of IPv6 addresses known to be active, i.e., training data, gleaned by readily available passive and active means. The system is completely automated and employs a combination of information-theoretic and machine learning techniques to probabilistically model IPv6 addresses. We present results showing that our system is effective in exposing structural characteristics of portions of the IPv6 Internet address space populated by active client, service, and router addresses. In addition to visualizing the address structure for exploration, the system uses its models to generate candidate target addresses for scanning. For each of 15 evaluated datasets, we train on 1K addresses and generate 1M candidates for scanning. We achieve some success in 14 datasets, finding up to 40% of the generated addresses to be active. In 11 of these datasets, we find active network identifiers (e.g., /64 prefixes or `subnets') not seen in training. Thus, we provide the first evidence that it is practical to discover subnets and hosts by scanning probabilistically selected areas of the IPv6 address space not known to contain active hosts a priori.
Community shame:
Not yet rated
Community Contributions

Found the code? Know the venue? Think something is wrong? Let us know!

๐Ÿ“œ Similar Papers

In the same crypt โ€” Networking & Internet