Title :
The Deployment of a Darknet on an Organization-Wide Network: An Empirical Analysis
Author :
Berthier, Robin ; Cukier, Michel
Author_Institution :
Mech. Eng. Dept., Center for Risk & Reliability, College Park, MD
Abstract :
Darknet sensors have the interesting property of collecting only suspicious traffic, including misconfiguration, backscatter and malicious traffic. The type of traffic collected highly depends on two parameters: the size and the location of the darknet sensor. The goals of this paper are to study empirically the relationship between these two parameters and to try to increase the volume of attackers detected by a given darknet sensor. Our empirical results reveal that on average, on a daily basis, 485 distinct external source IP addresses perform a TCP scan on one of the two /16 networks of our organization's network. Moreover, a given darknet sensor of 77 IP addresses deployed in the same /16 network collects on average attack traffic from 26% of these attackers.
Keywords :
telecommunication congestion control; transport protocols; TCP scan; attack traffic; backscatter; darknet sensors; external source IP address; malicious traffic; organization network; organization-wide network; transmission control protocol; Backscatter; Educational institutions; Intrusion detection; Mechanical engineering; Mechanical sensors; Monitoring; Production; Reliability engineering; TCPIP; Telecommunication traffic; coverage; darknet; organisation's network; scan;
Conference_Title :
High Assurance Systems Engineering Symposium, 2008. HASE 2008. 11th IEEE
Conference_Location :
Nanjing
Print_ISBN :
978-0-7695-3482-4
DOI :
10.1109/HASE.2008.54