Office of Technology Transfer – University of Michigan

High-performance Network Scanner for Security Applications

Technology #5921

Internet-wide network scanning becomes important and challenging

Cyber-attack targeted on internet application has become a critical issue. Lots of effects have been made on the internet security. Internet-wide network scanning is very useful for the internet security. There are increasing internet security applications for the internet-wide network scanning, e.g. detecting new vulnerabilities and tracking the adoption of defensive mechanism and so on. The current technology, however, is slow and inefficient to probe the entire public address space, which significantly limits the usage of network scanning.

ZMap for high-performance network scanning

Researchers at the University of Michigan designed a novel network scanner, Zmap, for high-performance internet-scale network scanning. With a novel design of scanner architecture, Zmap is capable of efficiently optimizing the probing and significantly reducing the losses during the scanning. Therefore, Zmap achieves much higher performance for internet-wide network scanning. Indeed, in experiments, ZMap achieves a scanning speed over 1300 times faster than the most advanced current available technology with equivalent accuracy, and it also approaches the theoretical maximum speed of gigabit Ethernet.

Applications

o detecting security vulnerabilities
o measuring vulnerability mitigation
o studying opaque distributed systems
o mapping hidden services
o Internet analytics
o Mapping service outages

Advantages

o Much faster scanning speed