Practical darknet measurement

Michael Bailey; Evan Cooke; Farnam Jahanian; Andrew Myrick; Sushant Sinha

doi:10.1109/CISS.2006.286376

Practical darknet measurement

Michael Bailey, Evan Cooke, Farnam Jahanian, Andrew Myrick, Sushant Sinha

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The Internet today is beset with constant attacks targeting users and infrastructure. One popular method of detecting these attacks and the infected hosts behind them is to monitor unused network addresses. Because many Internet threats propagate randomly, infection attempts can be captured by monitoring the unused spaces between live addresses. Sensors that monitor these unused address spaces are called darknets, network telescopes, or blackholes. They capture important information about a diverse range of threats such as Internet worms, denial of services attacks, and botnets. In this paper, we describe and analyze the important measurement issues associated with deploying darknets, evaluating the placement and service configuration of darknets, and analyzing the data collected by darknets. To support the discussion, we lever-age 4 years of experience operating the Internet Motion Sensor (IMS), a network of distributed darknet sensors monitoring 60 distinct address blocks in 19 organizations over 3 continents.

Original language	English (US)
Title of host publication	2006 IEEE Conference on Information Sciences and Systems, CISS 2006 - Proceedings
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	1496-1501
Number of pages	6
ISBN (Print)	1424403502, 9781424403509
DOIs	https://doi.org/10.1109/CISS.2006.286376
State	Published - 2006
Externally published	Yes
Event	2006 40th Annual Conference on Information Sciences and Systems, CISS 2006 - Princeton, NJ, United States Duration: Mar 22 2006 → Mar 24 2006

Publication series

Name	2006 IEEE Conference on Information Sciences and Systems, CISS 2006 - Proceedings

Other

Other	2006 40th Annual Conference on Information Sciences and Systems, CISS 2006
Country/Territory	United States
City	Princeton, NJ
Period	3/22/06 → 3/24/06

ASJC Scopus subject areas

General Computer Science

Online availability

10.1109/CISS.2006.286376

Library availability

Discover UIUC Full Text

Cite this

Bailey, M., Cooke, E., Jahanian, F., Myrick, A., & Sinha, S. (2006). Practical darknet measurement. In 2006 IEEE Conference on Information Sciences and Systems, CISS 2006 - Proceedings (pp. 1496-1501). Article 4068042 (2006 IEEE Conference on Information Sciences and Systems, CISS 2006 - Proceedings). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CISS.2006.286376

Practical darknet measurement. / Bailey, Michael; Cooke, Evan; Jahanian, Farnam et al.
2006 IEEE Conference on Information Sciences and Systems, CISS 2006 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2006. p. 1496-1501 4068042 (2006 IEEE Conference on Information Sciences and Systems, CISS 2006 - Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Bailey, M, Cooke, E, Jahanian, F, Myrick, A & Sinha, S 2006, Practical darknet measurement. in 2006 IEEE Conference on Information Sciences and Systems, CISS 2006 - Proceedings., 4068042, 2006 IEEE Conference on Information Sciences and Systems, CISS 2006 - Proceedings, Institute of Electrical and Electronics Engineers Inc., pp. 1496-1501, 2006 40th Annual Conference on Information Sciences and Systems, CISS 2006, Princeton, NJ, United States, 3/22/06. https://doi.org/10.1109/CISS.2006.286376

@inproceedings{bf5cf080a19d425786c9a9e4ae4408cb,

title = "Practical darknet measurement",

abstract = "The Internet today is beset with constant attacks targeting users and infrastructure. One popular method of detecting these attacks and the infected hosts behind them is to monitor unused network addresses. Because many Internet threats propagate randomly, infection attempts can be captured by monitoring the unused spaces between live addresses. Sensors that monitor these unused address spaces are called darknets, network telescopes, or blackholes. They capture important information about a diverse range of threats such as Internet worms, denial of services attacks, and botnets. In this paper, we describe and analyze the important measurement issues associated with deploying darknets, evaluating the placement and service configuration of darknets, and analyzing the data collected by darknets. To support the discussion, we lever-age 4 years of experience operating the Internet Motion Sensor (IMS), a network of distributed darknet sensors monitoring 60 distinct address blocks in 19 organizations over 3 continents.",

author = "Michael Bailey and Evan Cooke and Farnam Jahanian and Andrew Myrick and Sushant Sinha",

year = "2006",

doi = "10.1109/CISS.2006.286376",

language = "English (US)",

isbn = "1424403502",

series = "2006 IEEE Conference on Information Sciences and Systems, CISS 2006 - Proceedings",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "1496--1501",

booktitle = "2006 IEEE Conference on Information Sciences and Systems, CISS 2006 - Proceedings",

address = "United States",

note = "2006 40th Annual Conference on Information Sciences and Systems, CISS 2006 ; Conference date: 22-03-2006 Through 24-03-2006",

}

TY - GEN

T1 - Practical darknet measurement

AU - Bailey, Michael

AU - Cooke, Evan

AU - Jahanian, Farnam

AU - Myrick, Andrew

AU - Sinha, Sushant

PY - 2006

Y1 - 2006

N2 - The Internet today is beset with constant attacks targeting users and infrastructure. One popular method of detecting these attacks and the infected hosts behind them is to monitor unused network addresses. Because many Internet threats propagate randomly, infection attempts can be captured by monitoring the unused spaces between live addresses. Sensors that monitor these unused address spaces are called darknets, network telescopes, or blackholes. They capture important information about a diverse range of threats such as Internet worms, denial of services attacks, and botnets. In this paper, we describe and analyze the important measurement issues associated with deploying darknets, evaluating the placement and service configuration of darknets, and analyzing the data collected by darknets. To support the discussion, we lever-age 4 years of experience operating the Internet Motion Sensor (IMS), a network of distributed darknet sensors monitoring 60 distinct address blocks in 19 organizations over 3 continents.

AB - The Internet today is beset with constant attacks targeting users and infrastructure. One popular method of detecting these attacks and the infected hosts behind them is to monitor unused network addresses. Because many Internet threats propagate randomly, infection attempts can be captured by monitoring the unused spaces between live addresses. Sensors that monitor these unused address spaces are called darknets, network telescopes, or blackholes. They capture important information about a diverse range of threats such as Internet worms, denial of services attacks, and botnets. In this paper, we describe and analyze the important measurement issues associated with deploying darknets, evaluating the placement and service configuration of darknets, and analyzing the data collected by darknets. To support the discussion, we lever-age 4 years of experience operating the Internet Motion Sensor (IMS), a network of distributed darknet sensors monitoring 60 distinct address blocks in 19 organizations over 3 continents.

UR - http://www.scopus.com/inward/record.url?scp=44049086375&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=44049086375&partnerID=8YFLogxK

U2 - 10.1109/CISS.2006.286376

DO - 10.1109/CISS.2006.286376

M3 - Conference contribution

AN - SCOPUS:44049086375

SN - 1424403502

SN - 9781424403509

T3 - 2006 IEEE Conference on Information Sciences and Systems, CISS 2006 - Proceedings

SP - 1496

EP - 1501

BT - 2006 IEEE Conference on Information Sciences and Systems, CISS 2006 - Proceedings

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2006 40th Annual Conference on Information Sciences and Systems, CISS 2006

Y2 - 22 March 2006 through 24 March 2006

ER -

Practical darknet measurement

Abstract

Publication series

Other

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this