抄録
Darknet monitoring is an effective method to analyze malicious activities on networks including the Internet. Since there is no legitimate host on darknets, traffic sent to such a space is considered to be malicious. There are two major issues for darknet monitoring: how to prepare unused address space and how to configure network sensors deployed on the network. Preparation of monitoring addresses is difficult, and it have not been obvious yet what an appropriate configuration is. To solve the first issue, we proposed a method for network monitoring by exploiting unused IP addresses on segments managed by DHCP server, where is a real-operated network. By assigning these addresses, we can easily obtain IP addresses for monitoring and enable network monitoring on production network. Furthermore, we conducted real darknet monitoring experiments and clarified what kind of information could be obtained. We deployed several types of sensors on real-operated network and captured darknet traffic. After analyzing the traffic, we compared the data between each sensor. We found that there were dramatic differences between the data collected by each sensor and our proposed method was useful for real network monitoring.
| 本文言語 | 英語 |
|---|---|
| ホスト出版物のタイトル | Proceedings - 2010 International Conference on Broadband, Wireless Computing Communication and Applications, BWCCA 2010 |
| ページ | 278-285 |
| ページ数 | 8 |
| DOI | |
| 出版ステータス | 出版済み - 2010 |
| イベント | 5th International Conference on Broadband Wireless Computing, Communication and Applications, BWCCA 2010 - Fukuoka, 日本 継続期間: 11月 4 2010 → 11月 6 2010 |
その他
| その他 | 5th International Conference on Broadband Wireless Computing, Communication and Applications, BWCCA 2010 |
|---|---|
| 国/地域 | 日本 |
| City | Fukuoka |
| Period | 11/4/10 → 11/6/10 |
!!!All Science Journal Classification (ASJC) codes
- コンピュータ ネットワークおよび通信
- コンピュータ サイエンスの応用