TY - GEN
T1 - Practical darknet measurement
AU - Bailey, Michael
AU - Cooke, Evan
AU - Jahanian, Farnam
AU - Myrick, Andrew
AU - Sinha, Sushant
PY - 2006
Y1 - 2006
N2 - The Internet today is beset with constant attacks targeting users and infrastructure. One popular method of detecting these attacks and the infected hosts behind them is to monitor unused network addresses. Because many Internet threats propagate randomly, infection attempts can be captured by monitoring the unused spaces between live addresses. Sensors that monitor these unused address spaces are called darknets, network telescopes, or blackholes. They capture important information about a diverse range of threats such as Internet worms, denial of service attacks, and botnets. In this paper, we describe and analyze the important measurement issues associated with deploying darknets, evaluating the placement and service configuration of darknets, and analyzing the data collected by darknets. To support the discussion, we leverage 4 years of experience operating the Internet Motion Sensor (IMS), a network of distributed darknet sensors monitoring 60 distinct address blocks in 19 organizations over 3 continents.
AB - The Internet today is beset with constant attacks targeting users and infrastructure. One popular method of detecting these attacks and the infected hosts behind them is to monitor unused network addresses. Because many Internet threats propagate randomly, infection attempts can be captured by monitoring the unused spaces between live addresses. Sensors that monitor these unused address spaces are called darknets, network telescopes, or blackholes. They capture important information about a diverse range of threats such as Internet worms, denial of service attacks, and botnets. In this paper, we describe and analyze the important measurement issues associated with deploying darknets, evaluating the placement and service configuration of darknets, and analyzing the data collected by darknets. To support the discussion, we leverage 4 years of experience operating the Internet Motion Sensor (IMS), a network of distributed darknet sensors monitoring 60 distinct address blocks in 19 organizations over 3 continents.
UR - http://www.scopus.com/inward/record.url?scp=44049086375&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=44049086375&partnerID=8YFLogxK
U2 - 10.1109/CISS.2006.286376
DO - 10.1109/CISS.2006.286376
M3 - Conference contribution
AN - SCOPUS:44049086375
SN - 1424403502
SN - 9781424403509
T3 - 2006 IEEE Conference on Information Sciences and Systems, CISS 2006 - Proceedings
SP - 1496
EP - 1501
BT - 2006 IEEE Conference on Information Sciences and Systems, CISS 2006 - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2006 40th Annual Conference on Information Sciences and Systems, CISS 2006
Y2 - 22 March 2006 through 24 March 2006
ER -