Data reduction for the scalable automated analysis of distributed darknet traffic

Bailey, Michael; Cooke, Evan; Jahanian, Farnam; Provos, Niels; Rosaen, Karl; Watson, David

doi:10.1145/1330107.1330135

Cited by 34 publications

(23 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Based on a preliminary analysis, we expect that IBR will also be a good source to determine patterns of in when reassignment occurs 18 , and pools of addresses used in reassignment 19 .…”

Section: Discussionmentioning

confidence: 99%

“…Compared to the RIPE Atlas 17 For an IP address A.B.C.D, we use the number A×2 24 +B×2 16 +C×2 8 +D. 18 A preliminary analysis of the number of reassignments in an AS per hour varies across ASes. Often we observe a diurnal pattern (consistent with Internet usage being higher during waking hours), but, in a few cases, we observe spikes (possibly due to outages or provider induced events).…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Leveraging Internet Background Radiation for Opportunistic Network Analysis

Benson

Dainotti

claffy

et al. 2015

Proceedings of the 2015 Internet Measurement Conference

View full text Add to dashboard Cite

“…Based on a preliminary analysis, we expect that IBR will also be a good source to determine patterns of in when reassignment occurs 18 , and pools of addresses used in reassignment 19 .…”

Section: Discussionmentioning

confidence: 99%

Section: Discussionmentioning

confidence: 99%

Leveraging Internet Background Radiation for Opportunistic Network Analysis

Benson

Dainotti

claffy

et al. 2015

Proceedings of the 2015 Internet Measurement Conference

View full text Add to dashboard Cite

“…However, the work was only concentrated towards detecting stealthy portscans. Bailey et al [17] focused on scalable monitoring of darknets and reducing the amount of data for the forensic honeypots by using source-distribution based methods. Maier et al [18] suggested storing the network traffic up to a cutoff limit of bytes per connection.…”

Section: Related Work In Network Forensicsmentioning

confidence: 99%

Network Forensic System for ICMP Attacks

Kaushik¹,

Joshi²

2010

IJCA

View full text Add to dashboard Cite

Network forensics is capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents. This paper addresses the major challenges in collection, examination and analysis processes. We propose a model for collecting network data, identifying suspicious packets, examining protocol features misused and validating the attack. This model has been built with specific reference to security attacks on ICMP protocol. The packet capture file is analyzed for significant ICMP protocol features to mark suspicious packets. The header information encapsulated in the packet capture file is ported to a database. Rule sets designed for various ICMP attacks are queried on the database to calculate various statistical thresholds. This information validates the presence of attacks and will be very useful for the investigation phase. The reduced packet capture size is easy to manage as only marked packets are considered. The protocol features usually manipulated by the attackers is available in database format for next stage analysis and investigation. The model has been tested with a sample attack dataset and the results are satisfactory. The model can be extended to include attacks on other protocols.

show abstract

“…In subsequent work [25], the authors have improved the filtering mechanisms taking into account, for example, the source payload, source port, source destination and source connection. Furthermore, Bailey et al [26] improved the source-based filtering mechanism through expanding the individual darknets into multiple darknets for observing the global behavior and the source distribution. On the other hand, packet inspection based filtering mechanism is another popular approach to reduce repeated data.…”

Section: Traffic Classification and Filtering Mechanismsmentioning

confidence: 99%

“…Bailey et al [26] improved the source-destination based filtering mechanism through expanding the individual darknets into multiple darknets for observing the global behavior and the source distribution.…”

Section: B Attack Preventionmentioning

confidence: 99%

Contribution to the Design of a Flexible and Adaptive Solution for the Management of Heterogeneous Honeypot Systems

Fan¹

View full text Add to dashboard Cite

Data reduction for the scalable automated analysis of distributed darknet traffic

Cited by 34 publications

References 0 publications

Leveraging Internet Background Radiation for Opportunistic Network Analysis

Leveraging Internet Background Radiation for Opportunistic Network Analysis

Network Forensic System for ICMP Attacks

Contribution to the Design of a Flexible and Adaptive Solution for the Management of Heterogeneous Honeypot Systems

Contact Info

Product

Resources

About