The day after patch tuesday: effects observable in IP darkspace traffic

Authors:
Tanja Zseby;Alistair King;Nevil Brownlee;K C Claffy
Affiliations:
Fraunhofer Institute FOKUS, Berlin, Germany,CAIDA, UCSD, San Diego, CA;CAIDA, UCSD, San Diego, CA;CAIDA, UCSD, San Diego, CA and The University of Auckland, Auckland, New Zealand;CAIDA, UCSD, San Diego, CA
Venue:
PAM'13 Proceedings of the 14th international conference on Passive and Active Measurement
Year:
2013

Citing 1
Cited 0

One-way traffic monitoring with iatmon

PAM'12 Proceedings of the 13th international conference on Passive and Active Measurement

Quantified Score

Hi-index	0.00

Visualization

Abstract

We investigated how Patch Tuesday affects the volume and characteristics of malicious and unwanted traffic as observed by a large IPv4 (/8) darkspace monitor over the first six months of 2012. We did not discover significant changes in overall traffic volume following Patch Tuesday, but we found a significant increase of the number of active hosts sending to our darkspace monitor the day after Patch Tuesday for all six investigated months. Our early results suggest the effects of Patch Tuesday are worth deeper investigation. Detecting time intervals during which new sources become active can help tune sampling methods toward activity periods that likely contain more interesting information (i.e., many new malicious sources) than other time periods.