On the self-similar nature of Ethernet traffic (extended version)
IEEE/ACM Transactions on Networking (TON)
A comparison of estimators for 1/f noise
Physica D
On the propagation of long-range dependence in the Internet
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Real-time visualization of network attacks on high-speed links
IEEE Network: The Magazine of Global Internetworking
SAICSIT '10 Proceedings of the 2010 Annual Research Conference of the South African Institute of Computer Scientists and Information Technologists
A systematic approach for detecting and clustering distributed cyber scanning
Computer Networks: The International Journal of Computer and Telecommunications Networking
| Hi-index | 0.00 |
A network telescope is a portion of IP address space dedicated to observing inbound internet traffic. The purpose of a network telescope is to detect and log malicious traffic which originates from internet worms and viruses. In this paper, we investigate the statistical properties of observed traffic from a passive Class C telescope over a total of three months. We observe that only a few IP sources and destination ports are responsible for the majority of the traffic. We also demonstrate various ways to visualise the traffic profile from a telescope. We show that specific profiles can identify and distinguish portscans, hostscans and distributed denial-of-service (DDOS) attacks. Looking at the inter-arrival time of packets, the power spectrum and the detrended fluctuation analysis of the observed traffic, we show that there is very little sign of long-range dependence. This is in stark contrast to other network traffic and presents exciting possibilities for identifying malicious traffic purely from its traffic profile.