Network Telescope Research

A network telescope is a portion of routed IP address space on which little or no legitimate traffic exists. Monitoring unexpected traffic arriving at a network telescope yields a view of certain remote network events. Among the visible events are various forms of flooding DoS attacks, infection of hosts by Internet worms, and network scanning.
This work would not be possible without the
cooperation of UCSD Network Operations and support from DARPA, NSF,
Cisco Systems and CAIDA members.

Many privacy and security concerns are associated
with Network Telescope datasets. Because some viruses and worms
involve the installation of backdoors that provide unfettered
access to infected computers, telescope data may contain features
that advertise these vulnerable machines. Also, while the
source of some types of telescope traffic, including denial-of-service
attacks and worms, is readily apparent, a significant volume
of traffic is of unknown origin. Without identifying the
traffic, we cannot assess the security and privacy impact of
releasing the data.
CAIDA makes available a number of datasets for
researchers who wish to study data collected at the UCSD Network
Telescope. These datasets represent the major sources of
telescope traffic:
Network Telescope Datasets

| Year | Month | Presenter(s) | Title | Venue | Topic(s) |
|---|---|---|---|---|---|
| 2007 | May | Shannon, C | Current Network Security Threats: DoS, Viruses, Worms, Botnets | TERENA Networking Conference | |
| 2007 | Jan | Shannon, C; Moore, D | Blackworm: Analyzing the Spread of a Worm from Poisoned IP Data | ISOI | |
| 2006 | Nov | Shannon, C | Internet Measurement Data Catalog and Security Research Overview | WIDE | data, software/tools, security |
| 2006 | Oct | Wessels, D | Whats Wrong With The DNS | RIPE | dns, data, overview, security |
| 2006 | Oct | Moore, D | Anomaly Sampling (bringing diversity to network security) | Flocon | security, measurement methodology |
| 2006 | Jul | Moore, D | Anomaly Sampling (bringing diversity to network security) | Intimate Workshop | security, measurement methodology |
| 2006 | Feb | Wessels, D | DNS Cache Poisoners Lazy, Stupid, or Evil? | NANOG | |
| 2005 | Mar | Moore, D | Detecting Internet Worms | UCSD Research Exam | security, measurement methodology, passive data analysis |
| 2005 | Mar | Moore, D | Measuring a Malicious Internet | UCSD Thesis Proposal | security, measurement methodology, passive data analysis |
| 2004 | Nov | Shannon, C | The UCSD Network Telescope | CCIED | security, measurement methodology |
| 2004 | Sep | Shannon, C | The UCSD Network Telescope | BBN | security, measurement methodology |
| 2004 | Sep | Shannon, C | The UCSD Network Telescope | Equinix | security, measurement methodology |
| 2004 | Sep | Shannon, C | The UCSD Network Telescope | Lincoln Labs | security, measurement methodology |
| 2004 | Jul | Shannon, C | The Spread of the Witty Worm | LISA | |
| 2004 | Jun | Shannon, C | The Spread of the Witty Worm | SDRIW | |
| 2004 | Apr | Shannon, C | Security Data Collection at CAIDA | WIDE | |
| 2004 | Feb | Shannon, C | Analysis of the December DDoS Attack Against SCO | NANOG | |
| 2004 | Jan | Shannon, C | Network Telescopes: Remote Monitoring of Internet Worms and Denial-of-Service Attacks | Intel | security, measurement methodology |
| 2004 | Jan | Shannon, C | Network Telescopes: Remote Monitoring of Internet Worms and Denial-of-Service Attacks | ATT Labs | security, measurement methodology |
| 2004 | Jan | Shannon, C | Network Telescopes: Remote Monitoring of Internet Worms and Denial-of-Service Attacks | Boston University | security, measurement methodology |
| 2003 | Oct | Moore, D | Network Telescopes Overview: What is a Network Telescope? | LISA | security, measurement methodology, passive data analysis |
| 2003 | Sep | Moore, D | Network Telescopes | DIMACS | security, measurement methodology, passive data analysis |
| 2003 | Jul | Shannon, C; Moore, D | Internet Worms: Current Capabilities in Awareness, Detection, Response | Cisco | |
| 2003 | Apr | Moore, D | Internet Quarantine: Requirements for Containing Self-Propagating Code | INFOCOM | |
| 2003 | Feb | Moore, D | Understanding Global Internet Health | UC Regents | |
| 2003 | Jan | Moore, D | Understanding Global Internet Health | CAIDA | |
| 2002 | Aug | Moore, D | Network Telescopes: Observing Small or Distant Security Events | USENIX | security, measurement methodology, passive data analysis |
| 2002 | Mar | Moore, D | Fundamental Limits on Blocking Self-Propagating Code | CSTB | |
| 2001 | Oct | Moore, D | Recent Internet Worms: Who are the Victims and How Good are We at Getting the Word Out? | NANOG | |
| 2001 | Aug | Moore, D | Code Red the second coming - from whence diurnal cycles | USENIX | |
| 2001 | Aug | Moore, D | Worldwide Detection of Denial of Service DoS Attacks | USENIX | |
| 1999 | Dec | claffy, k | traffic observation in a stateless data networking environment | CRISP Cybercrime Workshop | |

| Year | Author(s) | Title | Publication | Topic(s) |
|---|---|---|---|---|
| 2006 | Broido, A.; Shang, H.; Fomenkov, M.; Hyun, Y.; claffy, k. | The Windows of Private DNS Updates | ACM SIGCOMM Computer Communications Review (CCR) | dns, security, policy |
| 2006 | Moore, D.; Shannon, C.; Brown, D.; Voelker, G.; Savage, S. | Inferring Internet Denial-of-Service Activity | ACM Transactions on Computer Systems | |
| 2005 | Kohno, T.; Broido, A.; claffy, k. | Remote physical device fingerprinting | IEEE Symposium on Security and Privacy | security, measurement methodology |
| 2004 | Staniford, S.; Moore, D.; Paxson, V.; Weaver, N. | The Top Speed of Flash Worms | ACM Workshop on Rapid Malcode (WORM) | |
| 2004 | Shannon, C.; Moore, D. | The Spread of the Witty Worm | IEEE Security and Privacy | |
| 2004 | Moore, D.; Shannon, C.; Voelker, G.; Savage, S. | Network Telescopes: Technical Report | Cooperative Association for Internet Data Analysis (CAIDA) | security, measurement methodology |
| 2004 | Shah, K.; Bohacek, S.; Broido, A. | Feasibility of Detecting TCP-SYN Scanning at a Backbone router | IEEE American Control Conference | |
| 2003 | Moore, D.; Paxson, V.; Savage, S.; Shannon, C.; Staniford, S.; Weaver, N. | Inside the Slammer Worm | IEEE Security and Privacy | |
| 2003 | Moore, D.; Shannon, C.; Voelker, G.; Savage, S. | Internet Quarantine: Requirements for Containing Self-Propagating Code | IEEE Conference on Computer Communications (INFOCOM) | |
| 2003 | Moore, D.; Paxson, V.; Savage, S.; Shannon, C.; Staniford, S.; Weaver, N. | The Spread of the Sapphire/Slammer Worm | CAIDA, ICSI, Silicon Defense, UC Berkeley EECS and UC San Diego CSE | security, passive data analysis |
| 2002 | Moore, D.; Shannon, C.; Brown, J. | Code-Red: a case study on the spread and victims of an Internet worm | Internet Measurement Workshop (IMW) | security, passive data analysis |
| 2001 | Moore, D.; Voelker, G.; Savage, S. | Inferring Internet Denial-of-Service Activity | Usenix Security Symposium | |
| 1995 | claffy, k.; Gross, A; Braun, H.-W. | Measured interference of security mechanisms with network performance | International Networking Conference (INET) | |