On May 14-15, 2012, CAIDA hosted the 1st International Workshop on Darkspace and UnSolicited Traffic Analysis (DUST 2012) at the San Diego Supercomputer Center, UCSD, San Diego, California.
The goal of the DUST workshop series is to bring together researchers, operators, and analysts interested in unsolicited traffic analysis, especially traffic destined to unassigned (dark) IP address space.
Participation in DUST 2012 is by invitation only.
Place: Room B143-E (Vis Lab), San Diego Supercomputer Center East Building, UCSD Campus, La Jolla, CA
Topics of Interest
IP darkspaces are global routable address spaces that contain no active hosts. All traffic to an IP darkspace is unsolicited and unidirectional. Observing and analyzing darkspace traffic has helped detect and analyze global incidents such as scannning, DDoS attacks, network outages and misconfigurations.
The workshop seeks to provide a forum for discussion of the science, engineering, and policy challenges associated with darkspace and unsolicited traffic analysis. We expect interested parties to include:
- operators of darkspace monitors
- researchers engaged in darkspace and unsolicited traffic analysis
- scientists interested in working on the UCSD darkspace data
- scientists or organizations interested in setting up a darkspace monitor
- scientists working on related topics (e.g. honeynets, intrusion detection, data sharing, etc.)
The intended outcomes the workshops include:
- establishing policies and mechanisms to enable broader sharing of darkspace data including real-time sharing
- improve scientific methods for darkspace and unsolicited traffic analysis
- combine and compare data from darkspace monitors at different locations
- share experience from darkspace monitor operation (lessons learned) and darkspace data analysis
- establish methods for synchronizing darkspace monitoring efforts
- explore a integrated network of existing darkspace monitors for combined analysis
A longer-term goal is to initiate an enduring community of darkspace monitor operators and scientists to share data and coordinate future activities.
The workshop will begin at 12pm noon on Monday, and adjourn at 5pm on Tuesday.
May 14 (Monday)
- 9:00 - 12:00 Open networking time (coffee and bagels)
- 12:00 - 13:00 lunch
- 13:00 - 13:15 Introductions
- kc claffy (CAIDA), Introduction of participants, workshop format and goals (15 min)
- 13:15 - 14:45 Darkspace Analysis
- Xenofontas Dimitropoulos (ETH Zürich), Classifying Internet One-way Traffic (30 min)
- Shouhuai Xu (University of Texas at San Antonio), Toward a statistical framework for using darkspace-based unsolicited traffic to infer cyber threats (30 min)
14:45 - 15:00 break
- 15:00 - 15:45 Tools and Methods
- 16:00 - 17:30 IPv6
- Geoff Huston (APNIC), IPv6 Background Radiation (45 min)
- Casey Deccio (Sandia National Laboratories), Turning Down the Lights: Darknet Deployment Lessons Learned (45 min)
- 17:30 Reception Dinner at The Shores Restaurant at La Jolla Shores Hotel
- Street Address: 8110 Camino Del Oro, La Jolla, California 92037
May 15 (Tuesday)
- 8:00 - 9:00 breakfast
- 9:00 - 10:45 Darkspace Analysis, continued
- David Plonka (University of Wisconsin - Madison), A Rendezvous-based Paradigm for Analysis of Solicited and Unsolicited Traffic (30 min)
- Alberto Dainotti (CAIDA), Analysis of Darknet Traffic from Botnet Scans (45 min) (email firstname.lastname@example.org for slides)
- Tanja Zseby (CAIDA), Comparable Metrics for IP Darkspace Analysis (30 min)
10:45 - 11:00 break
- 11:00 - 12:00 Tools and Methods, continued
- 12:00 - 13:00 lunch
- 13:00 - 15:15 Sharing and Combining
- Manish Karir (DHS), Spatial and Longitudinal Darknet Datasets (15 min)
- John McHugh (RedJack, LLC), Dust Between the Stars: adventures with a small telescope (30 min)
- Markus De Shon (Google), A Traffic Study to Interleaved Darkspace (30 min)
- Brian Trammell (ETH Zürich), An Architectural Approach to Inter-domain Measurement Data Sharing (30 min)
- Claude Fachkha (NCFTA Canada & Concordia University), Investigating the Darkspace: Profiling, Threat-Based Analysis and Correlation (30 min)
15:15 - 15:30 break
- 15:30 - 16:30 Panel Discussion
- Erin Kenneally (CAIDA), Illuminating the way for Trusted Darkspace Data Sharing
- 16:30 - 17:00 Discussion: Future Joint Activities
- 17:00 Adjourn
For this workshop, attendees are expected to make their own hotel reservations and transportation arrangements from their hotels to the workshop. For CAIDA's list of recommended local hotels including shuttle availability, see a recent Recommended Hotels list (PDF). Contact the hotel directly for hotel shuttle schedules (if available) to the San Diego Supercomputer Center (SDSC).
This workshop is being held in the SDSC East Building, B143-E.
(For those GPS-enabled attendees, the GPS coordinates near the conference room is WGS84: 32°53'04.00"N, 117°14'22.00"W)
General driving directions to SDSC are located on the CAIDA Contact and Visitor Info page.
- Parking on campus
The most convenient parking is in the Hopkins parking structure at Hopkins Dr and Voigt Dr, just south of SDSC.
Parking Permits: Parking permits will be provided at the small loop driveway directly in front of the SDSC East building on Hopkins Drive. From 9:00am to 9:30am, and from 11:00am to 12:00pm, we will be handing out parking permits for the day to DUST 2012 participants. We will give you instructions on how to mark the parking permit, and point you to the back to the Hopkins Parking Structure for parking. Park ONLY in green "B" or yellow "S" spaces anywhere on campus with the parking permit that is provided.
Parking permits for subsequent days will be provided at the end of Day 1, just prior to the Reception.
After picking up your parking permit, it is recommended you go to the Hopkins Parking Structure next to SDSC and park anywhere from 1st to 6th level, in spaces marked "S" or "B". Take the elevators up to the 7th floor and walk across the iron bridge to the adjacent Social Sciences Building. Turn a right after the bridge and walk north towards the SDSC main building, the building with a large radar dish on the roof. Walk down the path to the black main doors and into the SDSC main lobby, following the signs pointing to the workshop. Walk past the elevators on your left and continue through the cooridor to the east building, going down a flight of stairs to a set of double doors which goes outside. Without going outside, turn around to find Room B143-E, also labeled Vis Lab, which is directly under the stairs that you just came down.
If you plan to arrive for the open networking time on the morning (9am) of Day 1 before the workshop starts (12pm), coffee and bagels will be served in SDSC Main Building Room 408.
Funding for this event is provided by the National Science Foundation's Computing Research Infrastructure program CNS-1059439 and the Department of Homeland Security's Science and Technology Directorate's PREDICT program NBCHC070133.