Internet Intrusions: Global Characteristics and Prevalence

Vinod Yegneswaran, Paul Barford and Johannes Ullrich
{vinod,pb}@cs.wisc.edu, jullrich@sans.org

ABSTRACT

Network intrusions have been a fact of life in the Internet for many years. However, as is the case with many other types of Internet-wide phenomena, gaining insight into the global characteristics of intrusions is challenging. In this paper we address this problem by systematically analyzing a set of firewall logs collected over four months from over 1600 different networks worldwide. The first part of our study is a general analysis focused on the issues of distribution, categorization and prevalence of intrusions. Our data shows both a large quantity and wide variety of intrusion attempts on a daily basis. We also find that worms like CodeRed, Nimda and SQL Snake persist long after their original release. By projecting intrusion activity as seen in our data sets to the entire Internet we determine that there are typically on the order of 25B intrusion attempts per day and that there is an increasing trend over our measurement period. We further find that sources of intrusions are uniformly spread across the Autonomous System space. However, deeper investigation reveals that a very small collection of sources are responsible for a significant fraction of intrusion attempts in any given month and their on/off patterns exhibit cliques of correlated behavior. We show that the distribution of source IP addresses of the non-worm intrusions

Protection; c.2.5 [Computer Communication Networks]: Network Monitoring; c.4 [Performance of Systems]: Measurement Techniques, Modeling Techniques, Performance Attributes

General Terms

Security, Measurement, Performance

Keywords

Network Security, Wide Area Measurement, Internet Performance and Monitoring

1. INTRODUCTION

Defending wide area networks from intrusion in the form of port scans and attacks poses a significant, on-going challenge for network operators. Using backscatter analysis to characterize Denial-of-Service (DoS) activity in the Internet, Moore et al. show that these intrusions are numerous and on the rise [17]. In 2001, two widely reported Internet worms (CodeRed and Nimda) each infected hundreds of thousands of nodes in less than a day and required countless hours to eradicate from system