Ariana Mirian
Ariana Mirian currently works as a senior security researcher at Censys, where she uses Internet Measurement to answer interesting security questions. Prior to Censys, she received her PhD from UCSD, where her thesis focused on answering the question: how can we use large scale measurement and analysis to better prioritize security processes? When not geeking out about Internet Measurement and security, Ariana is also an avid aerialist and birder.
Sessions
They say everything on the Internet is forever, and while this may be true of your pictures from dinner last night, the reality is that everything on the Internet is NOT forever. In fact, much of the Internet is ephemeral, or flappy; services and hosts will appear online, only to disappear shortly after. This has major implications for research that utilizes Internet scanning and begs the question – how often should we be scanning the Internet, and how does this ephemerality differ across the Internet?
In this talk, I’ll discuss our findings from scanning the Internet every hour for a week. I’ll share some interesting anecdotes about where uptime differed across three main variables: L4 ports, L7 services, and ASNs. I’ll dive into examples where the portion of the Internet was fairly stable (e.g. popular protocols on their standard ports) and where uptime was, well, ephemeral (e.g. TCP SIP, HTTP on non-standard ports). I’ll discuss what these findings mean for the Internet Scanning community as a whole, implications for scanning research, and next steps. My hope is that attendees leave understanding just how ephemeral the Internet is, and what they should do about it.
Often when folks think of security research, they think of reverse engineering, tracking threat actors, or pentesting. While these are valid, there’s one side of security research that is often forgotten or misunderstood – Internet Measurement. In order to improve the world, we need to quantify it first, and that’s where Internet Measurement comes into play.
In this talk, I’ll use my 8 years of hands-on experience to dive deep into the world of Internet Measurement and show attendees why we should care MORE about Internet Measurement as a security research tool. To start, I’ll discuss the details of three very different measurement projects: evaluating attacker behavior in a niche market, quantifying Internet Ephemerality, and improving vulnerability notifications. I’ll clarify the questions we were trying to answer, how we thought about our measurements, and the impact the outcomes had. Most importantly, I’ll hypothesize what we would have missed had the work NOT happened.
By discussing these three disparate projects, I hope attendees will walk away understanding what Internet Measurement is, why it’s so useful in the world of security, and how security practitioners can apply these lessons to their own environments.