Title :
Extracting Internet Background Radiation from raw traffic using greynet
Author :
Lihua Miao ; Wei Ding ; Haiting Zhu
Author_Institution :
Sch. of Comput. Sci. & Eng., Southeast Univ., Jiangsu, China
Abstract :
Analysis based on Internet Background Radiation (IBR) has been shown to be effective for detecting Internet threats such as worms and DDOS attacks. In contrast with traditional methods using darknets, this paper proposes a scheme of extracting IBR from raw traffic gathered at a point of presence (PoP) by its ISP. This method is proceeding from a different angle based on redefined greynet and IBR´s own characteristics. The method´s basic principle is introduced first and then it is qualitatively analyzed using “precision” and “recall”. On this basis, the method is implemented facing raw traffic in a particular format and applied to measured data with certain scale. Based on the successfully extracted IBR, subsequent analysis reveals that this scheme is effective and feasible.
Keywords :
Internet; backscatter; computer network security; DDOS attacks; ISP; Internet background radiation extraction; Internet threat detection; darknets; greynet; point of presence; raw traffic; worms; Backscatter; Computer crime; Feature extraction; IP networks; Internet; Monitoring; Ports (Computers); Internet background radiation; Internet threats; backscatter; grey space; greynet;
Conference_Titel :
Networks (ICON), 2012 18th IEEE International Conference on
Conference_Location :
Singapore
Print_ISBN :
978-1-4673-4521-7
DOI :
10.1109/ICON.2012.6506586
