Swinburne
Browse

Greynets: A definition and evaluation of sparsely populated darknets

Download (241.23 kB)
conference contribution
posted on 2024-07-11, 11:37 authored by Warren Harrop, Grenville Armitage
Darknets are often proposed to monitor for anomalous, externally sourced traffic, and require large, contiguous blocks of unused IP addresses---not always feasible for enterprise network operators. We introduce and evaluate the Greynet---a region of IP address space that is sparsely populated with 'darknet' addresses interspersed with active (or 'lit') IP addresses. Based on a small sample of traffic collected within a university campus network we saw that relatively sparse greynets can achieve useful levels of network scan detection.

History

Available versions

PDF (Accepted manuscript)

Publisher DOI

ISBN

1595930264

Journal title

Proceedings of ACM SIGCOMM 2005 Workshop on Mining Network Data, MineNet 2005

Conference name

ACM SIGCOMM 2005 Workshop on Mining Network Data, MineNet 2005

Pagination

1 p

Publisher

ACM

Copyright statement

Copyright is held by the author/owner(s). This the accepted manuscript of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in Proceedings of MineNet (2005) http://doi.acm.org/10.1145/1080173.1080177.

Language

eng

Usage metrics

    Publications

    Categories

    No categories selected

    Keywords

    none

    Licence

    In Copyright

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC