On the design and use of internet sinks for network abuse monitoring

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 3224, Issue , 2004, Pages 146-165

  Yegneswaran, Vinod ^a   Barford, Paul ^a   Plonka, Dave ^b  

^a University of Wisconsin Madison   (United States)

^b UNIVERSITY OF WISCONSIN MADISON   (United States)

Author keywords

Deception systems; Honeypots; Intrusion detection

Indexed keywords

COMPUTER SYSTEM FIREWALLS; INTERNET; INTERNET PROTOCOLS; MERCURY (METAL);

ACTIVE COMPONENTS; ADDRESS SPACE; CONTROLLED LABORATORIES; HONEYPOTS; INCOMING TRAFFIC; INTRUSION DETECTION SYSTEMS; NETWORK INTRUSION DETECTION; PACKET TRAFFIC;

INTRUSION DETECTION;

EID: 35048867316     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-30143-1_8     Document Type: Article

References (33)

1. R. Anderson and A. Khattak. The Use of Information Retrieval Techniques for Intrusion Detection. In Proceedings of RAID, September 1998.
2. Network Associates. LovGate Virus Summary. http://vil.nai.com/vil/ content/Print100183.htm, 2002.
3. C. Bullard. Argus Open Project. http://www.qosient.com/argus/.
4. C. Cranor, Y. Gao, T. Johnson, V. Shkapenyuk, and O. Spatscheck. Gigascope: High Performance Network Monitoring with an SQL Interface.
5. E-eye. Analysis: Sasser Worm. http://www.eeye.com/html/Research/ Advisories/AD20040501.html.
6. C. Estan and G. Varghese. New Directions in Traffic Measurement and Accounting. In Proceedings of ACM SIGCOMM '02, Pittsburgh, PA, August 2002.
7. A. Feldmann, A. Greenberg, C. Lund, N. Reingold, and J. Rexford. NetScope: Traffic Engineering for IP Networks. IEEE Network Magazine, Special Issue on Internet Traffic Engineering, 2000.
8. B. Greene. BGPv4 Security Risk Assessment, June 2002.
9. B. Greene. Remote Triggering Black Hole Filtering, August 2002.
10. Honeyd: Network Rhapsody for You. http://www.citi.umich.edu/u/provos/ honeyd.
11. G. Iannaccone, C. Diot, I. Graham, and N. McKeown. Monitoring very high speed links. In SIGCOMM Internet Measurement Workshop, November 2001.
12. E. Kohler, R. Morris, B. Chen, J. Jannotti, and F. Kaashoek. The click modular router. ACM Transactions on Computer Systems, August 2000.
13. W. Lee, S.J. Stolfo, and K.W. Mok. A Data Mining Framework for Building Intrusion Detection Models. In IEEE Symposium on Security and Privacy, 1999.
14. T. Liston. The Labrea Tarpit Homepage. http://www.hackbusters.net/LaBrea/ .
15. D. Moore. Network Telescopes. http://www.caida.org/ outreaclVpresentations/2003/dimacs0309/.
16. D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver. The Spread of the Sapphire/Slammer Worm. Technical report, CAIDA, 2003.
17. D. Moore, C. Shannon, and K. Claffy. Code Red: A Case Study on the Spread and Victims of an Internet Worm. In Proceedings of ACM SIGCOMM Internet Measurement Workshop, Marseilles, France, November 2002.
18. D. Moore, C. Shannon, G. Voelker, and S. Savage. Internet Quarantine: Requirements for Containing Self-Propagating Code. In Proceedings of IEEE INFOCOM, April 2003.
19. D. Moore, G. Voelker, and S. Savage. Inferring Internet Denial of Service Activity. In Proceedings of the 2001 USENIX Security Symposium, Washington D.C., August 2001.
20. T. Oetiker. The multi router traffic grapher. In Proceedings of the USENIX Twelvth System Administration Conference LISA XII, December 1998.
21. V. Paxson. BRO: A System for Detecting Network Intruders in Real Time. In Proceedings of the 7th USENIX Security Symposium, 1998.
22. D. Plonka. Flawed Routers Flood University of Wisconsin Internet Time Server. http://www.cs.wisc.edu/plonka/netgear-sntp.
23. D. Plonka. Flowscan: A network traffic flow reporting and visualization tool. In Proceedings of the USENIX Fourteenth System Administration Conference LISA XIV, December 2000.
24. Y. Rekhter. RFC 1817: CIDR and Glassful Routing, August 1995.
25. M. Roesch. The SNORT Network Intrusion Detection System, http://www.snort.org.
26. S. Staniford, J. Hoagland, and J. McAlemey. Practical Automated Detection of Stealthy Portscans. In Proceedings of the ACM CCS IDS Workshop, November 2000.
27. S. Staniford, V. Paxson, and N. Weaver. How to Own the Internet in Your Spare Time. In Proceedings of the 11th USENIX Security Symposium, San Francisco, CA, August 2002.
28. H.S. Teng, K. Chen, and S. C-Y Lu. Adaptive Real-Time Anomaly Detection Using Inductively Generated Sequential Patterns. In IEEE Symposium on Security and Privacy, 1999.
29. The Honeynet Project, http://project.honeynet.org.
30. Trend Micro. WORM_RBOT.CC. http://uk.trendmicro-europe.com/enterprise/ security-info/ve.detail.php?Vname=WORM.RBOT.CC.
31. V. Yegneswaran, P. Barford, and S. Jha. Global Intrusion Detection in the DOMINO Overlay System. In Proceedings of NDSS, San Diego, CA, 2004.
32. V. Yegneswaran, P. Barford, and D. Plonka. On the Design and Use of Internet Sinks for Network Abuse Monitoring. University of Wisconsin Technical Report #1497, 2004.
33. V. Yegneswaran, P. Barford, and J. Ullrich. Internet Intrusions: Global Characteristics and Prevalence. In Proceedings of ACM SIGMETRICS, San Diego, CA, June 2003.