Compare Censys and Shodan data

[cunha]

Quantify:

• [ ] Amount of hosts and services probed by (a) Shodan only, (b) Censys only, and (c) both.
• [ ] For the services probed by both Shodan and Censys, compare the information each provides
  • [ ] How often are the provided information conflicting
• [ ] Temporal coverage of an IP address (how often are IP addresses probed by one vs both systems)
  • CDF of inter-probing time
• [ ] Study how to find the correct time-frame to compare both datasets
  • [ ] How long should each dataset period be?
• [ ] Compare the scanning process/behavior (enumeration vs random, inter-probing time) of both frameworks
  • [ ] Plot time series of instantaneous # of measurements (banners) and # of devices probes over time
  • [ ] Plot time series of cumulative # of measurements (banners) and # of devices probes over time
  • [ ] Are the datasets consistent/stable over time? Do we seem to have all the data we expect from the inferred probing process?

[cunha]

• [ ] For IPs that are probed only a few times (e.g., 1 time), check what data Shodan has collected (did the IP not get probed later because Shodan did not get any information)

[cunha]

• [ ] Compare targets focused on by Shodan and Censys
  • [ ] Geographical location, controlling organization, number of vulnerabilities, types of service