Observed Correlations of Unsolicited IP Traffic across Five Distinct Network Telescopes
ABSTRACT
Using network telescopes to monitor unused IP address space provides a favourable environment for researchers to study and detect malware, denial of service, and scanning activities on the Internet. This research focuses on comparative and correlation analysis of traffic activity across five IPv4 network telescopes, each with an aperture size of /24, over a 12-month period. Time series representations of the traffic activity observed on these sensors were constructed. Sensor data was then analysed quantitatively using the cross- and auto-correlation methods of time series analysis. The resulting correlation of the network telescopes' traffic activity was found to be moderate to high, dependent on grouping.
AUTHORS
Department of Computer Science, Rhodes University, Grahamstown, South Africa
Barry Irwin is an Associate Professor in the Department of Computer Science at Rhodes University, South Africa. He established and has led the Security and Networks Research Group (SNRG) since its founding in 2003. He holds a PhD from Rhodes University and a CISSP. His current areas of research include network traffic analysis, data visualization and webserver malware.
Department of Computer Science, Rhodes University, South Africa
Published In
Journal of Information Warfare