Dynamic monitoring of dark IP address space

Authors:
Iasonas Polakis;Georgios Kontaxis;Sotiris Ioannidis;Evangelos P. Markatos
Affiliations:
Institute of Computer Science, Foundation for Research and Technology, Hellas;Institute of Computer Science, Foundation for Research and Technology, Hellas;Institute of Computer Science, Foundation for Research and Technology, Hellas;Institute of Computer Science, Foundation for Research and Technology, Hellas
Venue:
TMA'11 Proceedings of the Third international conference on Traffic monitoring and analysis
Year:
2011

Citing 4
Cited 0

Collapsar: a VM-based architecture for network attack detention center

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
High-Speed Dynamic Packet Filtering

Journal of Network and Systems Management
Honey@home: a new approach to large-scale threat monitoring

Proceedings of the 2007 ACM workshop on Recurring malcode
Swift: a fast dynamic packet filter

NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation

Quantified Score

Hi-index	0.00

Visualization

Abstract

A number of security-related research topics are based on the monitoring of dark IP address space. Unfortunately there is large administrative overhead associated with the dynamic assignment of a specific subnet for monitoring purposes, such as the deployment of a honeypot farm or a distributed intrusion detection system. In this paper, we propose a system that enables the dynamic allocation of an unadvertised IP address subnet for use by a monitoring sensor. The system dynamically selects network subnets that have been allocated to the organization but are not being advertised, advertises them, and subsequently forwards all received traffic destined to the selected subnet to a monitoring sensor.