Observed Correlations of Unsolicited IP Traffic Across Five Distinct Network Telescopes
ABSTRACT
Using network telescopes to monitor unused IP address space provides a favourable environment for researchers to study and detect malware, denial of service, and scanning activities on the Internet. This research focuses on comparative and correlation analysis of traffic activity across five IPv4 network telescopes, each with an aperture size of /24 over a 12-month period. Time series representations of the traffic activity observed on these sensors were constructed. Using the cross- and auto-correlation methods of time series analysis, sensor data was quantitatively analysed with the resulting correlation of network telescopes’ traffic activity found to be moderate to high, dependent on grouping.
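The method the abstract names, sketched as an added example that is not the authors' code: packet arrival times from a sensor are binned into a count series, then compared with another sensor's series using lagged Pearson cross-correlation and with itself using auto-correlation. The hourly bin size, the function names, and the sample series are all assumptions constructed for illustration, not data from the paper.

```python
from math import sqrt

def bin_counts(timestamps, start, bin_seconds, n_bins):
    """Packet arrival times (epoch seconds) -> packets-per-bin time series."""
    counts = [0] * n_bins
    for ts in timestamps:
        idx = int((ts - start) // bin_seconds)
        if 0 <= idx < n_bins:          # ignore packets outside the window
            counts[idx] += 1
    return counts

def pearson(x, y):
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    if vx == 0 or vy == 0:             # flat series: coefficient undefined
        return 0.0
    return cov / sqrt(vx * vy)

def cross_correlation(x, y, lag):
    """Correlate x[t] with y[t + lag]; a positive lag means y trails x."""
    if lag < 0:
        return cross_correlation(y, x, -lag)
    if lag >= len(x) - 1:
        raise ValueError("lag leaves too few overlapping samples")
    return pearson(x[:len(x) - lag], y[lag:])

def autocorrelation(x, lag):
    return cross_correlation(x, x, lag)

def best_lag(x, y, max_lag):
    """Lag in [-max_lag, max_lag] at which the two series line up best."""
    return max(range(-max_lag, max_lag + 1),
               key=lambda k: cross_correlation(x, y, k))

# Constructed sample data: 72 hourly bins with a daily cycle (not from the paper).
DAILY = [5] * 6 + [9, 14, 20, 26, 30, 26, 20, 14, 9] + [5] * 9
HOURS = 72
SENSOR_A = DAILY * 3
SENSOR_B = SENSOR_A[-2:] + SENSOR_A[:-2]      # same activity seen 2 hours later
# Expand sensor A back to per-packet timestamps to exercise the binning step.
PACKETS_A = [h * 3600 + i for h, c in enumerate(SENSOR_A) for i in range(c)]

if __name__ == "__main__":
    a = bin_counts(PACKETS_A, 0, 3600, HOURS)
    print("A/B at lag 0:", round(cross_correlation(a, SENSOR_B, 0), 3))
    print("best A/B lag (hours):", best_lag(a, SENSOR_B, 6))
    print("A autocorrelation at 24h:", round(autocorrelation(a, 24), 3))
```

Scanning the lag range matters when comparing sensors: two telescopes that see the same activity a few bins apart look only moderately correlated at lag 0.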
AUTHORS
BVW Irwin, T Nkhumeleni
Department of Computer Science
Rhodes University, South Africa
Barry Irwin is an Associate Professor in the Department of Computer Science at Rhodes University, South Africa. He established and has led the Security and Networks Research Group (SNRG) since its founding in 2003. He holds a PhD from Rhodes University and a CISSP. His current areas of research include network traffic analysis, data visualization and webserver malware.