A Novel Method of Filtering Internet Background Radiation Traffic

Internet Background Radiation (IBR) traffic is a kind of abnormal traffic, which is ubiquitous on the Internet. Detecting or filtering out IBR traffic from all traffic is benefit to ensure network security. This paper proposes a novel IBR traffic filtering method based on relative uncertainty theory. It directly filters out IBR traffic from collected Net Flow data without specific configurations or building extra collection system. The key assumption of our approach is that the traffic source of normal users is relatively certain rather than random. The IBR traffic filtered by our approach also includes the part that sent to normal user hosts besides the traffic to unsigned IP, which is more valuable and practical to network security.

[1]  Niels Provos,et al.  Data reduction for the scalable automated analysis of distributed darknet traffic , 2005, IMC '05.

[2]  Farnam Jahanian,et al.  The Internet Motion Sensor - A Distributed Blackhole Monitoring System , 2005, NDSS.

[3]  Alberto Dainotti,et al.  Extracting benefit from harm: using malware pollution to analyze the impact of political and geophysical events on the internet , 2012, CCRV.

[4]  Stefan Savage,et al.  Network Telescopes: Technical Report , 2004 .

[5]  Alberto Dainotti,et al.  Gaining insight into AS-level outages through analysis of Internet Background Radiation , 2013, INFOCOM Workshops.

[6]  Jon Crowcroft,et al.  Honeycomb , 2004, Comput. Commun. Rev..

[7]  Kuai Xu,et al.  Internet Traffic Behavior Profiling for Network Security Monitoring , 2008, IEEE/ACM Transactions on Networking.

[8]  Vinod Yegneswaran,et al.  On the Design and Use of Internet Sinks for Network Abuse Monitoring , 2004, RAID.

[9]  Chuang Lin,et al.  A NetFlow based flow analysis and monitoring system in enterprise networks , 2008, Comput. Networks.

[10]  Vinod Yegneswaran,et al.  Characteristics of internet background radiation , 2004, IMC '04.

[11]  Zhi-Li Zhang,et al.  Profiling internet backbone traffic: behavior models and applications , 2005, SIGCOMM '05.

[12]  George Bebis,et al.  A survey of network flow applications , 2013, J. Netw. Comput. Appl..

[13]  Xenofontas A. Dimitropoulos,et al.  Classifying internet one-way traffic , 2012, Internet Measurement Conference.

[14]  Eric Wustrow,et al.  Internet background radiation revisited , 2010, IMC '10.

[15]  Michalis Faloutsos,et al.  BLINC: multilevel traffic classification in the dark , 2005, SIGCOMM '05.