DOI: 10.1145/2382416.2382423
research-article

Analysis of internet-wide probing using darknets

Published: 15 October 2012

Abstract

Recent analysis of traffic reaching the UCSD Network Telescope (a /8 darknet) revealed a sophisticated botnet scanning event that covertly scanned the entire IPv4 space in about 12 days. We discovered this event only serendipitously, while studying a completely unrelated behavior (a censorship episode in Egypt in February 2011), but we carefully studied the scan, including validating and cross-correlating our observations with other large data sets shared by others. We would like to extend these strategies to detect other large-scale malicious events. We suspect the fight against malware will benefit greatly from (and perhaps require) collaborative sharing of diverse large-scale security-related data sets. We hope to discuss both the technical and the data-sharing policy aspects of this challenge at the workshop.



Published In

BADGERS '12: Proceedings of the 2012 ACM Workshop on Building analysis datasets and gathering experience returns for security
October 2012
40 pages
ISBN:9781450316613
DOI:10.1145/2382416

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. botnet
  2. darknet
  3. network telescope
  4. probing
  5. scan
  6. stealth

Qualifiers

  • Research-article

Conference

CCS'12
CCS'12: the ACM Conference on Computer and Communications Security
October 15, 2012
North Carolina, Raleigh, USA

Acceptance Rates

BADGERS '12 Paper Acceptance Rate 4 of 7 submissions, 57%;
Overall Acceptance Rate 4 of 7 submissions, 57%


Cited By

  • (2023) Geodemographic Profiling of Malicious IP addresses. 2023 20th Annual International Conference on Privacy, Security and Trust (PST), pp. 1-11. DOI: 10.1109/PST58708.2023.10320172. Online publication date: 21-Aug-2023
  • (2023) Multi-label Classification of Hosts Observed through a Darknet. NOMS 2023-2023 IEEE/IFIP Network Operations and Management Symposium, pp. 1-6. DOI: 10.1109/NOMS56928.2023.10154356. Online publication date: 8-May-2023
  • (2023) Evaluating IP Blacklists Effectiveness. 2023 10th International Conference on Future Internet of Things and Cloud (FiCloud), pp. 336-343. DOI: 10.1109/FiCloud58648.2023.00056. Online publication date: 14-Aug-2023
  • (2019) Big Data Sanitization and Cyber Situational Awareness: A Network Telescope Perspective. IEEE Transactions on Big Data, 5:4, pp. 439-453. DOI: 10.1109/TBDATA.2017.2723398. Online publication date: 1-Dec-2019
  • (2019) Deep mining port scans from darknet. International Journal of Network Management, e2065. DOI: 10.1002/nem.2065. Online publication date: 19-Feb-2019
  • (2018) CSC-Detector: A System to Infer Large-Scale Probing Campaigns. IEEE Transactions on Dependable and Secure Computing, 15:3, pp. 364-377. DOI: 10.1109/TDSC.2016.2593441. Online publication date: 1-May-2018
  • (2016) Darknet as a Source of Cyber Intelligence: Survey, Taxonomy, and Characterization. IEEE Communications Surveys & Tutorials, 18:2, pp. 1197-1227. DOI: 10.1109/COMST.2015.2497690. Online publication date: Oct-2017
  • (2015) Analysis of a "/0" stealth scan from a botnet. IEEE/ACM Transactions on Networking, 23:2, pp. 341-354. DOI: 10.1109/TNET.2013.2297678. Online publication date: 1-Apr-2015
  • (2015) A Time Series Approach for Inferring Orchestrated Probing Campaigns by Analyzing Darknet Traffic. Proceedings of the 2015 10th International Conference on Availability, Reliability and Security, pp. 180-185. DOI: 10.1109/ARES.2015.9. Online publication date: 24-Aug-2015
  • (2014) Behavioral analytics for inferring large-scale orchestrated probing events. 2014 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pp. 506-511. DOI: 10.1109/INFCOMW.2014.6849283. Online publication date: Apr-2014
