Practical Darknet Measurement

Today's Internet is plagued by constant attacks, usually targeted at users or network infrastructure. A popular method of detecting these attacks and the infected hosts behind them is to monitor unused network addresses. Since many network threats spread randomly, their attempts can be captured by monitoring unused address space. The sensors that monitor unused address space are called "darknets", "network telescopes", or "blackholes". They capture important information about a variety of threats, such as worms, DoS attacks, and botnets. This paper describes and analyzes important measurement issues related to deploying darknets, evaluating their placement and service configuration, and analyzing the data they collect. To support the discussion, we draw on up to four years of operational data from the Internet Motion Sensor (IMS), a distributed darknet that monitors traffic to 60 different IP address blocks in 19 organizations on 3 continents.

First, we describe how to install and configure a darknet so that traffic destined for unused addresses is directed to the monitoring system. We then analyze data from darknets of different sizes to evaluate the storage and network resources required for darknet measurement. Next, we discuss how the placement of a darknet in the address space and in the network topology affects the visibility of the monitoring system. We also describe how responding to packets affects visibility. Specifically, we show how each level of interaction (no response, SYN-ACK response, simulated systems, application-level response, and real honeypot hosts) provides intelligence about network events and threats. Finally, building on this understanding of how to deploy and configure darknet monitors, we describe different methods for identifying important events in the data they collect.

A darknet provides a large amount of high-dimensional measurement data, which falls into four categories:

1. Infection attempts by worms, botnets, and attack tools;

2. Misconfigured application requests and responses;

3. Backscatter from spoofed DoS attacks;

4. Network scanning and probing.
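As an added illustration (not code from the paper or from IMS), the sketch below sorts darknet packet records into the four categories above. The record layout, the flag and ICMP type sets, and the repetition and payload rules are assumptions chosen for this example, and the sample records are constructed using documentation address ranges. TCP payloads only appear if the sensor answers the initial SYN, which is why the response level discussed above changes what can be classified.

```python
from collections import Counter, defaultdict

# Constructed records: (src, dst, proto, dport, tcp_flags_or_icmp_type, payload_len)
SAMPLE = [
    ("198.51.100.7", "192.0.2.10", "tcp", 445, "S", 0),
    ("198.51.100.7", "192.0.2.11", "tcp", 445, "S", 0),
    ("198.51.100.7", "192.0.2.12", "tcp", 445, "S", 0),
    ("203.0.113.5", "192.0.2.40", "tcp", 3021, "SA", 0),
    ("203.0.113.5", "192.0.2.77", "icmp", 0, 3, 0),
    ("198.51.100.99", "192.0.2.20", "udp", 1434, "", 376),
    ("198.51.100.50", "192.0.2.30", "udp", 514, "", 120),
    ("198.51.100.50", "192.0.2.30", "udp", 514, "", 120),
]

# Assumed heuristic: these are replies to packets the darknet never sent,
# so the sender is likely the victim of an attack that spoofed a dark address.
RESPONSE_TCP_FLAGS = {"SA", "R", "RA"}
RESPONSE_ICMP_TYPES = {0, 3, 11}  # echo reply, unreachable, time exceeded

def is_response(proto, info):
    if proto == "tcp":
        return info in RESPONSE_TCP_FLAGS
    if proto == "icmp":
        return info in RESPONSE_ICMP_TYPES
    return False

def classify(records):
    """Return {category: Counter(source -> packet count)}."""
    fanout = defaultdict(set)   # distinct dark addresses touched per source
    repeats = Counter()         # identical (src, dst, proto, dport) contacts
    for src, dst, proto, dport, _info, _plen in records:
        fanout[src].add(dst)
        repeats[(src, dst, proto, dport)] += 1
    result = defaultdict(Counter)
    for src, dst, proto, dport, info, plen in records:
        if is_response(proto, info):
            cat = "backscatter"
        elif len(fanout[src]) == 1 and repeats[(src, dst, proto, dport)] > 1:
            # Assumed rule: one dark address contacted repeatedly, nothing else
            cat = "misconfiguration"
        elif plen > 0:
            cat = "infection_attempt"   # assumed rule: payload delivered
        else:
            cat = "scan"                # bare probes with no payload
        result[cat][src] += 1
    return result

if __name__ == "__main__":
    for category, sources in classify(SAMPLE).items():
        print(category, dict(sources))
```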
