Collapsar: a VM-based architecture for network attack detention center
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
High-Speed Dynamic Packet Filtering
Journal of Network and Systems Management
Honey@home: a new approach to large-scale threat monitoring
Proceedings of the 2007 ACM workshop on Recurring malcode
Swift: a fast dynamic packet filter
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Hi-index | 0.00 |
A number of security-related research topics are based on the monitoring of dark IP address space. Unfortunately there is large administrative overhead associated with the dynamic assignment of a specific subnet for monitoring purposes, such as the deployment of a honeypot farm or a distributed intrusion detection system. In this paper, we propose a system that enables the dynamic allocation of an unadvertised IP address subnet for use by a monitoring sensor. The system dynamically selects network subnets that have been allocated to the organization but are not being advertised, advertises them, and subsequently forwards all received traffic destined to the selected subnet to a monitoring sensor.