360 Global Network Scan Monitoring System

Network scanning is a prevalent threat in the Internet. It can discover active hosts or services in cyberspace, and thus is often used by attackers to locate potential victims. Scanning activities usually appear at the initial stage of malicious attacks, so it would be helpful to fight against those attacks if we can detect scanning behaviors earlier. Qihoo 360 Network ScanMon system is a platform that provides both realtime and historical overviews of network scanning activities all over the world. The ScanMon system detects scanning behaviors effectively and accurately by analyzing large amounts of various network data, including but not limited to Netflow, Honeypot, etc. For those detected scanning events, ScanMon will intuitively show their key information as well as useful statistics, such as scanner SrcIP, victim DstPort, scanning volume, distribution and correlation of scanners, etc. With such information, users are able to perceive network scanning in the first time and identify the corresponding attackers quickly and conveniently. As an example, 360 Netlab recently used ScanMon to help to monitor the emergence of Mirai Botnet and investigate the evolution of its scanning behavior. Qihoo 360 Network ScanMon system is free and open to security community. We hope it will help and also we will appreciate anyone who gives useful feedbacks or is willing to contribute more network data to improve our ScanMon system.

Contact US