The Deployment of a Darknet on an Organization-Wide Network: An Empirical Analysis
Title | The Deployment of a Darknet on an Organization-Wide Network: An Empirical Analysis |
Publication Type | Conference Papers |
Year of Publication | 2008 |
Authors | Berthier R, Cukier M |
Date Published | 2008/12 |
Keywords | attack traffic, backscatter, darknet sensors, external source IP address, malicious traffic, organization network, organization-wide network, TCP scan, telecommunication congestion control, transmission control protocol, Transport protocols |
Abstract | Darknet sensors have the interesting property of collecting only suspicious traffic, including misconfiguration, backscatter and malicious traffic. The type of traffic collected highly depends on two parameters: the size and the location of the darknet sensor. The goals of this paper are to study empirically the relationship between these two parameters and to try to increase the volume of attackers detected by a given darknet sensor. Our empirical results reveal that on average, on a daily basis, 485 distinct external source IP addresses perform a TCP scan on one of the two /16 networks of our organization's network. Moreover, a given darknet sensor of 77 IP addresses deployed in the same /16 network collects on average attack traffic from 26% of these attackers. |
DOI | 10.1109/HASE.2008.54 |