Greynets: a definition and evaluation of sparsely populated darknets
Source: Joint International Conference on Measurement and Modeling of Computer Systems
Proceedings of the 2005 ACM SIGCOMM workshop on Mining network data
Philadelphia, Pennsylvania, USA
SESSION: Security and network problem determination
Pages: 171 - 172
Year of Publication: 2005
ISBN: 1-59593-026-4
Authors
Warren Harrop  Swinburne University of Technology, Melbourne, Australia
Grenville Armitage  Swinburne University of Technology, Melbourne, Australia
Sponsors
SIGCOMM: ACM Special Interest Group on Data Communication
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 1,   Downloads (12 Months): 17,   Citation Count: 2
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1080173.1080177

ABSTRACT

Darknets are often proposed to monitor for anomalous, externally sourced traffic, and require large, contiguous blocks of unused IP addresses - not always feasible for enterprise network operators. We introduce and evaluate the Greynet - a region of IP address space that is sparsely populated with 'darknet' addresses interspersed with active (or 'lit') IP addresses. Based on a small sample of traffic collected within a university campus network, we saw that relatively sparse greynets can achieve useful levels of network scan detection.


