Practical darknet measurement

Michael Bailey, Evan Cooke, Farnam Jahanian, Andrew Myrick, Sushant Sinha

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The Internet today is beset with constant attacks targeting users and infrastructure. One popular method of detecting these attacks and the infected hosts behind them is to monitor unused network addresses. Because many Internet threats propagate randomly, infection attempts can be captured by monitoring the unused spaces between live addresses. Sensors that monitor these unused address spaces are called darknets, network telescopes, or blackholes. They capture important information about a diverse range of threats such as Internet worms, denial of services attacks, and botnets. In this paper, we describe and analyze the important measurement issues associated with deploying darknets, evaluating the placement and service configuration of darknets, and analyzing the data collected by darknets. To support the discussion, we lever-age 4 years of experience operating the Internet Motion Sensor (IMS), a network of distributed darknet sensors monitoring 60 distinct address blocks in 19 organizations over 3 continents.

Original languageEnglish (US)
Title of host publication2006 IEEE Conference on Information Sciences and Systems, CISS 2006 - Proceedings
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages1496-1501
Number of pages6
ISBN (Print)1424403502, 9781424403509
DOIs
StatePublished - 2006
Externally publishedYes
Event2006 40th Annual Conference on Information Sciences and Systems, CISS 2006 - Princeton, NJ, United States
Duration: Mar 22 2006Mar 24 2006

Publication series

Name2006 IEEE Conference on Information Sciences and Systems, CISS 2006 - Proceedings

Other

Other2006 40th Annual Conference on Information Sciences and Systems, CISS 2006
Country/TerritoryUnited States
CityPrinceton, NJ
Period3/22/063/24/06

ASJC Scopus subject areas

  • Computer Science(all)

Fingerprint

Dive into the research topics of 'Practical darknet measurement'. Together they form a unique fingerprint.

Cite this