Loading [a11y]/accessibility-menu.js
Defining and Evaluating Greynets (Sparse Darknets) | IEEE Conference Publication | IEEE Xplore

Defining and Evaluating Greynets (Sparse Darknets)


Abstract:

Darknets are increasingly being proposed as a means by which network administrators can monitor for anomalous, externally sourced traffic. Current darknet designs require...Show More

Abstract:

Darknets are increasingly being proposed as a means by which network administrators can monitor for anomalous, externally sourced traffic. Current darknet designs require large, contiguous blocks of unused IP addresses - not always feasible for enterprise network operators. In this paper we introduce, define and evaluate the concept of a greynet - a region of IP address space that is sparsely populated with 'darknet' addresses interspersed with active (or 'lit') IP addresses. We use raw traffic traces collected within a university network to evaluate how sparseness affects a greynet 's effectiveness and hence show that enterprise operators can achieve useful levels of network scan detection, with only small numbers of 'dark' IP addresses making up their greynets
Date of Conference: 17-17 November 2005
Date Added to IEEE Xplore: 12 December 2005
Print ISBN:0-7695-2421-4
Print ISSN: 0742-1303
Conference Location: Sydney, NSW, Australia

References

References is not available for this document.