Parallelized Cyber Reconnaissance Automation: A Real-Time and Scheduled Security Scanner

Cyber Security and Social Media Applications

Part of the book series: Lecture Notes in Social Networks ((LNSN))

Abstract

The extraordinary advancement of technology has raised the importance of achieving the required level of information security, which remains difficult to attain. Network and web application attacks have recently become more common, allowing confidential data to be stolen by exploiting system vulnerabilities; each such breach violates the CIA triad (confidentiality, integrity, availability). In this work, with the aim of addressing real-world concerns, we present an enhanced schema for the first feature of the security engine proposed in our previous paper: an automated, parallelized security scanner for the active information-gathering phase. It supports real-time and scheduled system scans running in parallel, exposed through a RESTful API that allows easy integration into real-life deployments. By integrating the message-broker software RabbitMQ, which originally implemented the Advanced Message Queuing Protocol (AMQP), the user can create instant customized scans and check the related results. These features rely on Celery workers using an asynchronous task queue, which depends on distributed message passing to perform multiprocessing and concurrent execution of tasks. The system can be used by penetration testers, IT departments, and system administrators to monitor their systems, maintain a high level of security, and receive instant alarms on critical threats. The core of the proposed scheme is an automated IP and port scanning, service-version enumeration, and security vulnerability detection system. The accuracy and efficiency of this technique have been demonstrated through a variety of test cases based on real-world events. The average time to scan a server and detect its vulnerabilities has improved by 22.73%, from 2.2 minutes to 1.7 minutes. Similarly, the improvement ratios for run time, elapsed time, and vulnerability detection are 20.40%, 90.80%, and 7.70%, respectively.

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Cite this chapter

Malkawi, M., Alhajj, R. (2023). Parallelized Cyber Reconnaissance Automation: A Real-Time and Scheduled Security Scanner. In: Özyer, S.T., Kaya, B. (eds) Cyber Security and Social Media Applications. Lecture Notes in Social Networks. Springer, Cham. https://doi.org/10.1007/978-3-031-33065-0_2
