Introduction and Problem Statement
Every year, millions of packets of data are sent to targets not set up to receive them. Although some sources of this data are simply misconfigured network adapters, other causes include malicious activity such as distributed denial-of-service (DDoS) attacks, computer worms and botnets (Pang et al., 2004; Wustrow et al., 2010). A computer worm is a kind of virus that, once executed, duplicates itself and spreads to other computers over a network (Staniford et al., 2002; Zou et al., 2005). The most well-programmed worms are able to propagate through a network within minutes and can do so indefinitely. A DDoS attack occurs when numerous systems (usually compromised) all attack a single system, flooding it with packets to the point where it is too overloaded to serve ordinary users (Moore et al., 2006). Both of these phenomena are harmful to users and content providers on the Internet, and both can happen very suddenly, leaving victimised systems with little time to react.
Internet background radiation (IBR) is the phenomenon of useless and largely illegitimate network traffic on the Internet. It can be imagined as analogous to a multitude of physical letters sent to physical addresses that do not exist, such as non-existent street numbers on real streets. Despite ostensibly being a waste of bandwidth, this traffic can be useful to network researchers interested in the spread of worms and the occurrence of DDoS attacks. Analysing this traffic can allow researchers to make inferences about the general state of malicious activity on the Internet.
This project aims to create a system for characterising historical IBR captures in order to further the study of this phenomenon, and as a step towards the development of near-realtime, intelligent systems that perform the same function.
- 11 March 2014 – Project Proposal Seminar
- 30 May 2014 – Literature Review and Plan of Action
- 29 July 2014 – Second Seminar
- 15 September 2014 – Short Paper
- 31 October 2014 – Project Thesis