Analysis of internet-wide probing using darknets

Authors:
Alberto Dainotti;Alistair King;Kimberly Claffy
Affiliations:
University of California, San Diego, La Jolla, CA, USA;University of California, San Diego, La Jolla, CA, USA;University of California, San Diego, La Jolla, CA, USA
Venue:
Proceedings of the 2012 ACM Workshop on Building analysis datasets and gathering experience returns for security
Year:
2012

Citing 3
Cited 0

Analysis of country-wide internet outages caused by censorship

Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference
Towards Situational Awareness of Large-Scale Botnet Probing Events

IEEE Transactions on Information Forensics and Security
Analysis of a "/0" stealth scan from a botnet

Proceedings of the 2012 ACM conference on Internet measurement conference

Quantified Score

Hi-index	0.00

Visualization

Abstract

Recent analysis of traffic reaching the UCSD Network Telescope (a /8 darknet) revealed a sophisticated botnet scanning event that covertly scanned the entire IPv4 space in about 12 days. We only serendipitously discovered this event while studying a completely unrelated behavior (censorship episode in Egypt in February 2011), but we carefully studied the scan, including validating and cross-correlating our observations with other large data set shared by others. We would like to extend these strategies to detect other large-scale malicious events. We suspect the fight against malware will benefit greatly (and perhaps require) collaborative sharing of diverse large-scale security-related data sets. We hope to discuss both the technical and the data-sharing policy aspects of this challenge at the workshop.