The Internet Motion Sensor: A distributed global scoped Internet threat monitoring system

Authors: Evan Cooke, Michael Bailey, David Watson, Farnam Jahanian, Jose Nazario

DOI:

Keywords: The Internet, Network topology, Internet security, Service (systems architecture), Scalability, Internet layer, Denial-of-service attack, Computer science, Computer network, Critical infrastructure

Abstract: Networks are increasingly subjected to a broad spectrum of threats that impact the reliability and availability of critical infrastructure. In response, researchers and network operators have relied on monitoring to characterize and track these threats. This paper introduces the Internet Motion Sensor (IMS), a globally scoped Internet threat monitoring system whose goal is to measure, characterize, and track threats. The dark address sensors in the IMS extend simple passive capture using a novel transport layer service emulation technique to elicit payloads across all services, thereby addressing the issue of depth of coverage. To achieve breadth of coverage, the IMS employs a distributed infrastructure that utilizes sensors aware of their diversity and position in the actively routed topology. Finally, the IMS uses an innovative signature encoding and data warehousing scheme, combined with a hierarchical architecture, to realize a system that is not only time and space efficient but also scalable to global deployment. We explore various architectural tradeoffs in the context of a 3 year deployment across multiple dark address blocks ranging in size from /24s to a /8. We show how the current system emulates services across a diverse set of topologies in a scalable manner. Results from three recent events are presented to illustrate the utility of such a system: the SCO Denial of Service attacks (December, 2003), the Blaster worm (August, 2003), and the Bagle backdoor scanning efforts (March, 2004).
