On the Design and Use of Internet Sinks for Network Abuse Monitoring

Authors: Vinod Yegneswaran, Paul Barford, Dave Plonka

DOI: 10.1007/978-3-540-30143-1_8


Abstract: Monitoring unused or dark IP addresses offers opportunities to significantly improve and expand knowledge of abuse activity without many of the problems associated with typical network intrusion detection and firewall systems. In this paper, we address the problem of designing and deploying a system for monitoring large unused address spaces such as class A telescopes with 16M IP addresses. We describe the architecture and implementation of the Internet Sink (iSink) system, which measures packet traffic on unused IP addresses in an efficient, extensible and scalable fashion. In contrast to traditional intrusion detection systems or firewalls, iSink includes an active component that generates response packets to incoming traffic. This gives the iSink an important advantage in discriminating between different types of attacks (through examination of the response payloads). The key feature of iSink’s design that distinguishes it from other unused address space monitors is that its active response component is stateless and thus highly scalable. We report performance results of our iSink implementation in both controlled laboratory experiments and from a case study of a live deployment. Our results demonstrate the efficiency and scalability of our implementation as well as the important perspective on abuse activity that is afforded by its use.
