| Abstract: | Analysis based on Internet Background Radiation (IBR) has been shown to be effective for detecting Internet threats such as worms and DDoS attacks. In contrast with traditional methods that use darknets, this paper proposes a scheme for extracting IBR from raw traffic gathered at a point of presence (PoP) by its ISP. The method approaches the problem from a different angle, based on a redefined greynet and IBR's own characteristics. The method's basic principle is introduced first, and it is then qualitatively analyzed using "precision" and "recall". On this basis, the method is implemented for raw traffic in a particular format and applied to measured data of a certain scale. Based on the successfully extracted IBR, subsequent analysis reveals that this scheme is effective and feasible. |