Beyond Size: Investigating the Impact of Scaled-Down Network Telescopes on Threat Detection

IF 1.5 4区计算机科学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Network Management Pub Date : 2025-03-20 DOI:10.1002/nem.70014

Arthur Vinícius Cunha Camargo, Lisandro Granville, Leandro M. Bertholdo

{"title":"Beyond Size: Investigating the Impact of Scaled-Down Network Telescopes on Threat Detection","authors":"Arthur Vinícius Cunha Camargo, Lisandro Granville, Leandro M. Bertholdo","doi":"10.1002/nem.70014","DOIUrl":null,"url":null,"abstract":"<div>\n \n <p>Cyber threat intelligence relies on network telescopes to detect attacks and emerging threats, traditionally utilizing a substantial portion of the IPv4 address space. However, the escalating scarcity and value of this resource force companies and research centers to grapple with the challenge of repurposing their address spaces, potentially impacting cybersecurity effectiveness and hindering research efforts. In this article, we first investigate the historical usage of IPv4 address space in network telescopes and the current reduction trend in several initiatives. Then, we examine the impact of reducing the allocated space on the ability of these systems to identify attackers and attack campaigns. We explore two network telescopes with the intention of assessing the impact of this reduction by quantifying the losses in several ways. Our findings reveal that even halving the allocated space for a network telescope may still permit the detection of 80% of unique cyberattack sources and the address allocation schema has little to no influence on this detection. We also found that most of the proportions and patterns remain present, albeit with reduced intensity.</p>\n </div>","PeriodicalId":14154,"journal":{"name":"International Journal of Network Management","volume":"35 3","pages":""},"PeriodicalIF":1.5000,"publicationDate":"2025-03-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Network Management","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/nem.70014","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Cyber threat intelligence relies on network telescopes to detect attacks and emerging threats, traditionally utilizing a substantial portion of the IPv4 address space. However, the escalating scarcity and value of this resource force companies and research centers to grapple with the challenge of repurposing their address spaces, potentially impacting cybersecurity effectiveness and hindering research efforts. In this article, we first investigate the historical usage of IPv4 address space in network telescopes and the current reduction trend in several initiatives. Then, we examine the impact of reducing the allocated space on the ability of these systems to identify attackers and attack campaigns. We explore two network telescopes with the intention of assessing the impact of this reduction by quantifying the losses in several ways. Our findings reveal that even halving the allocated space for a network telescope may still permit the detection of 80% of unique cyberattack sources and the address allocation schema has little to no influence on this detection. We also found that most of the proportions and patterns remain present, albeit with reduced intensity.

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

International Journal of Network Management COMPUTER SCIENCE, INFORMATION SYSTEMS-TELECOMMUNICATIONS

CiteScore

5.10

自引率

6.70%

发文量

审稿时长

>12 weeks

期刊介绍： Modern computer networks and communication systems are increasing in size, scope, and heterogeneity. The promise of a single end-to-end technology has not been realized and likely never will occur. The decreasing cost of bandwidth is increasing the possible applications of computer networks and communication systems to entirely new domains. Problems in integrating heterogeneous wired and wireless technologies, ensuring security and quality of service, and reliably operating large-scale systems including the inclusion of cloud computing have all emerged as important topics. The one constant is the need for network management. Challenges in network management have never been greater than they are today. The International Journal of Network Management is the forum for researchers, developers, and practitioners in network management to present their work to an international audience. The journal is dedicated to the dissemination of information, which will enable improved management, operation, and maintenance of computer networks and communication systems. The journal is peer reviewed and publishes original papers (both theoretical and experimental) by leading researchers, practitioners, and consultants from universities, research laboratories, and companies around the world. Issues with thematic or guest-edited special topics typically occur several times per year. Topic areas for the journal are largely defined by the taxonomy for network and service management developed by IFIP WG6.6, together with IEEE-CNOM, the IRTF-NMRG and the Emanics Network of Excellence.