Characteristics of internet background radiation
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Profiling internet backbone traffic: behavior models and applications
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Mapping internet sensors with probe response attacks
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
The dark oracle: perspective-aware unused and unreachable address discovery
NSDI'06 Proceedings of the 3rd conference on Networked Systems Design & Implementation - Volume 3
Gray's anatomy: dissecting scanning activities using IP gray space analysis
SYSML'07 Proceedings of the 2nd USENIX workshop on Tackling computer systems problems with machine learning techniques
Characterizing Intelligence Gathering and Control on an Edge Network
ACM Transactions on Internet Technology (TOIT)
Classifying internet one-way traffic
Proceedings of the 2012 ACM conference on Internet measurement conference
| Hi-index | 0.00 |
Campus or enterprise networks often have many unassigned IP addresses that collectively form IP gray space within the address blocks of such networks. Using one-month traffic data collected in a large campus network, we have monitored a significant amount of unwanted traffic towards IP gray space in various forms, such as worms, port scanning, and denial of service attacks. In this paper, we apply a heuristic algorithm to extract the IP gray space in our campus network. Subsequently, we analyze the behavioral patterns such as dominant activities and target randomness, of the gray space traffic for individual outside hosts. By correlating and contrasting the traffic towards IP gray addresses and live end hosts, we find the gray space traffic provides unique insight for uncovering the behavior, and intention,of anomalous traffic towards live end hosts. Finally, we demonstrate the applications of gray space traffic for identifying SPAM behavior, detecting malicious scanning and worm activities that successfully compromise end hosts.