Proceedings of the 3rd international workshop on Visualization for computer security
Modifying first person shooter games to perform real time network monitoring and control tasks
NetGames '06 Proceedings of 5th ACM SIGCOMM workshop on Network and system support for games
Behavior analysis of long-term cyber attacks in the darknet
ICONIP'12 Proceedings of the 19th international conference on Neural Information Processing - Volume Part V
Understanding IPv6 internet background radiation
Proceedings of the 2013 conference on Internet measurement conference
Hi-index | 0.00 |
Darknets are increasingly being proposed as a means by which network administrators can monitor for anomalous, externally sourced traffic. Current darknet designs require large, contiguous blocks of unused IP addresses - not always feasible for enterprise network operators. In this paper we introduce, define and evaluate the concept of a Greynet - a region of IP address space that is sparsely populated with 'darknet' addresses interspersed with active (or 'lit') IP addresses. We use raw traffic traces collected within a university network to evaluate how sparseness affects a greynet's effectiveness and hence show that enterprise operators can achieve useful levels of network scan detection, with only small numbers of 'dark' IP addresses making up their greynets.