Darknet monitoring on real-operated networks

Seiichiro Mizoguchi, Yoshiro Fukushima, Yoshiaki Kasahara, Yoshiaki Hori, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Darknet monitoring is an effective method to analyze malicious activities on networks including the Internet. Since there is no legitimate host on darknets, traffic sent to such a space is considered to be malicious. There are two major issues for darknet monitoring: how to prepare unused address space and how to configure network sensors deployed on the network. Preparation of monitoring addresses is difficult, and it have not been obvious yet what an appropriate configuration is. To solve the first issue, we proposed a method for network monitoring by exploiting unused IP addresses on segments managed by DHCP server, where is a real-operated network. By assigning these addresses, we can easily obtain IP addresses for monitoring and enable network monitoring on production network. Furthermore, we conducted real darknet monitoring experiments and clarified what kind of information could be obtained. We deployed several types of sensors on real-operated network and captured darknet traffic. After analyzing the traffic, we compared the data between each sensor. We found that there were dramatic differences between the data collected by each sensor and our proposed method was useful for real network monitoring.

Original languageEnglish
Title of host publicationProceedings - 2010 International Conference on Broadband, Wireless Computing Communication and Applications, BWCCA 2010
Pages278-285
Number of pages8
DOIs
Publication statusPublished - 2010
Event5th International Conference on Broadband Wireless Computing, Communication and Applications, BWCCA 2010 - Fukuoka, Japan
Duration: Nov 4 2010Nov 6 2010

Other

Other5th International Conference on Broadband Wireless Computing, Communication and Applications, BWCCA 2010
CountryJapan
CityFukuoka
Period11/4/1011/6/10

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Computer Science Applications

Fingerprint Dive into the research topics of 'Darknet monitoring on real-operated networks'. Together they form a unique fingerprint.

Cite this