Search Swinburne Research Bank
Please use this identifier to cite or link to this item: http://hdl.handle.net/1959.3/2449
|Download PDF (Published version) (Adobe Acrobat PDF, -1 bytes)|
- Defining and evaluating greynets (sparse darknets)
- Armitage, Grenville; Harrop, W.
- Darknets are increasingly being proposed as a means by which network administrators can monitor for anomalous, externally sourced traffic. Current darknet designs require large, contiguous blocks of unused IP addresses - not always feasible for enterprise network operators. In this paper we introduce, define and evaluate the concept of a Greynet - a region of IP address space that is sparsely populated with 'darknet' addresses interspersed with active (or 'lit') IP addresses. We use raw traffic traces collected within a university network to evaluate how sparseness affects a greynet's effectiveness and hence show that enterprise operators can achieve useful levels of network scan detection, with only small numbers of 'dark' IP addresses making up their greynets.
- Publication type
- Conference paper
- Research centre
- Swinburne University of Technology. Faculty of Information and Communication Technologies
- Proceedings of the 30th IEEE Conference on Local Computer Networks LCN 2005, 15-17 November 2005, Sydney, New South Wales, Australia, pp. 344-350
- Publication year
- Institute of Electrical and Electronics Engineers
- 0 7695 2421 4
- Publisher URL
- Copyright © 2005 IEEE. Published version of the paper reproduced here in accordance with the copyright policy of the publisher. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
- Full text
- Peer reviewed