An Intelligent Technology For IPv6 Address Scanning

With the rapid development of the Internet of Things and mobile computing,the number of devices connected to the Internet has increased rapidly,and IPv4 addresses have been exhausted.The Internet has entered the IPv6 era.Although IPv6 has provided a large number of addresses for the development of the Internet,the vast address space has also introduced new problems.Internet-wide scanning has played a key role in network risk assessment and network asset discovery.However,the vast IPv6 address space means the failure of brute force scanning based on IPv4.Therefore,it is necessary to propose an intelligent technology for IPv6 address scanning.Its purpose is to find as many active IPv6 hosts as possible with the given scan budgets,so as to provide a basis of IPv6 network measurement.The existing methods have the following problems and shortcomings: low efficiency and low hit rate.Some methods have high time complexity and are not suitable for large-scale Internet scanning.Furthermore,the existing methods all have the problem of low hit rate.According to the target generation process of existing methods,it is found that the main reasons for the low hit rate are: inappropriate splitting indicators for IPv6 ad-dress space partition and IPv6 outlier seed interference.In order to address the above challenges,this paper makes the following work.First,this paper proposes a maximum covering-based IPv6 address space partition technology to overcome the disadvantages of the existing sequential space partition.Specif-ically,the process of IPv6 address space scanning is to collect a small number of known active IPv6 address ”seeds”,divide the entire address space into smaller areas based on the information of these seeds,and scan those possible high-density regions to find more IPv6 hosts.The new ”maximum coverage” splitting indicator for space partition has higher adaptability to complex and diverse seeds,and can significantly improve the quality of address space partition.Second,this paper proposes two new IPv6 outlier seed detection approaches,a graph-theoretic technology for IPv6 outlier seed detection and an ensemble learning-based tech-nology for IPv6 outlier seed detection to efficiently remove the IPv6 outlier seeds in the address regions after space partition.The existence of outlier seeds will cause the in-flation of scanning space,which will waste the scan budgets,and lead to poor scanning performance.The graph-theoretic technology for IPv6 outlier seed detection adopts the minimum spanning tree clustering as the unsupervised outlier detection algorithm,which can accurately eliminate outlier seeds in the address regions.To the best of our knowl-edge,It is the first technology to introduce unsupervised anomaly detection into IPv6 address space detection.The ensemble learning-based technology for IPv6 outlier seed detection introduces an improved isolation forest algorithm,which removes IPv6 outlier seeds while reducing time complexity and improving efficiency.Compared with the first technology,this technology has linear time complexity and is more efficient in detecting IPv6 outlier seeds.Besides,it is the first technology to introduce ensemble learning into IPv6 address space scanning.Finally,this paper proposes a pre-scanning-based technology for a large-scale IPv6 address scanning to address the scanning waste of existing methods.The IPv6 active ad-dress is unevenly distributed and the existing methods use a uniform and random scanning budget allocation strategy,which will inevitably result the waste of scanning budgets.To this end,this technology uses a small budget to estimate the hit rate of the address area with pre-scanning.Large-scale experiments have been carried out to prove that the pre-scanning can significantly increase the entire hit rate.And its mathematical proof is provided.The intelligent technology for IPv6 address scanning proposed in this paper includes a maximum covering-based IPv6 address space partition technology,a graph-theoretic technology for IPv6 outlier seed detection,an ensemble learning-based technology for IPv6 outlier seed detection,and a pre-scanning-based technology for large-scale IPv6 tar-get probe.These techniques have experimented on multiple multi-scale data sets.Further-more,the intelligent technology for IPv6 address scanning is deployed on the real network to explore IPv6 address space efficiently.The experimental results of real networks show that the intelligent technology for IPv6 address scanning in this paper is superior to the state-of-the-art methods.