The dark oracle: perspective-aware unused and unreachable address discovery
作者: Evan Cooke , Michael Bailey , Farnam Jahanian , Richard Mortier , None
DOI:
关键词:
摘要: Internet traffic destined for unused or unreachable addresses provides critically important information on malicious and misconfigured activity. Since address allocation policy is distributed across many devices, applications, administrative domains, constructing a comprehensive map of ("dark") challenging. In this paper, we present an architecture that automates the process discovering these dark by actively participating with allocation, routing, systems. Our approach to adopt local perspective revealing external private addresses, enabling detection threats coming into out network. To validate approach, construct prototype system called Dark Oracle uses internal routing data host configuration information, such as DHCP logs, automatically discover addresses. We experimentally evaluate using from large enterprise network, regional ISP, deployment academic
acm.org 参考文章(28)
Robert Stone, Dug Song, Rob Malan, A Snapshot of Global Internet Worm Activity ,(2001)
Craig Labovitz, Abha Ahuja, Michael Bailey, None, Shining Light on Dark Address Space ,(2001)
David Moore, Colleen Shannon, Geoffrey M Voelker, Stefan Savage, Network Telescopes: Technical Report ,(2004)
Xuxian Jiang, Dongyan Xu, Collapsar: a VM-based architecture for network attack detention center usenix security symposium. pp. 2- 2 ,(2004)
Farnam Jahanian, Danny McPherson, Evan Cooke, The Zombie roundup: understanding, detecting, and disrupting botnets conference on steps to reducing unwanted traffic on internet. pp. 6- 6 ,(2005)
K. G. Anagnostakis, K. Xinidis, A. D. Keromytis, E. Markatos, S. Sidiroglou, P. Akritidis, Detecting targeted attacks using shadow honeypots usenix security symposium. pp. 9- 9 ,(2005) , 10.7916/D8WM1PS8
Niels Provos, A virtual honeypot framework usenix security symposium. pp. 1- 1 ,(2004)
Vern Paxson, Bro: a system for detecting network intruders in real-time Computer Networks. ,vol. 31, pp. 2435- 2463 ,(1999) , 10.1016/S1389-1286(99)00112-7
L. Spitzner, Honeypots: Tracking Hackers ,(2002)
Mary Vernon, Jason Franklin, John Bethencourt, Mapping internet sensors with probe response attacks usenix security symposium. pp. 13- 13 ,(2005)