Frequently Asked Questions

LightScope is a cybersecurity research project that examines unwanted traffic on the internet. It is based upon work supported by the U.S. National Science Foundation under Grant No. 2313998 and the University of Southern California Information Sciences Institute.

The topics we examine include trends in AI/ML-based unwanted traffic, identifying and attributing large-scale distributed campaings, and how scanners and attackers interact with live/production machines as opposed to honeypots or network telescopes.

In order to give back to those who deploy the LightScope software on their systems, we provide free general threat intelligence to the public, and free cutomized threat intelligence to those who deploy LightScope.

LightScope collects data about systems that send you unwanted traffic on the internet, such as malicious scanners looking for vulnerabilities. If we notice that someone has sent traffic to a closed port on your machine, we will examine it. In order to preserve your privacy, the LightScope client was specifically written to anonymize your IP address, and ignore packet payloads. This means that we can see who sent you unwanted data, but not what they sent. For a list of specific data collected, please view the Technical Details page.

Our code is open source, written in python (specifically to provide transparency), and our study was reviewed by the University of Southern California IRB and found not to generate identifiable private information (UP-25-00124LightScope - Survey of unwanted traffic to large user populations).

Yes, LightScope is an open-source project developed under NSF grant #2313998. The source code is available on GitHub under the MIT license, allowing for both academic and commercial use with proper attribution.

We encourage contributions from the community to help improve and extend the capabilities of LightScope.