Arthur Vinícius Cunha Camargo, Lisandro Granville, Leandro M. Bertholdo
International Journal of Network Management, 35(3). Journal Article. Published 2025-03-20. DOI: 10.1002/nem.70014. https://onlinelibrary.wiley.com/doi/10.1002/nem.70014
Beyond Size: Investigating the Impact of Scaled-Down Network Telescopes on Threat Detection
Cyber threat intelligence relies on network telescopes to detect attacks and emerging threats, traditionally utilizing a substantial portion of the IPv4 address space. However, the escalating scarcity and value of this resource force companies and research centers to grapple with the challenge of repurposing their address spaces, potentially impacting cybersecurity effectiveness and hindering research efforts. In this article, we first investigate the historical usage of IPv4 address space in network telescopes and the current reduction trend in several initiatives. Then, we examine the impact of reducing the allocated space on the ability of these systems to identify attackers and attack campaigns. We explore two network telescopes with the intention of assessing the impact of this reduction by quantifying the losses in several ways. Our findings reveal that even halving the allocated space for a network telescope may still permit the detection of 80% of unique cyberattack sources and the address allocation schema has little to no influence on this detection. We also found that most of the proportions and patterns remain present, albeit with reduced intensity.
About the journal:
Modern computer networks and communication systems are increasing in size, scope, and heterogeneity. The promise of a single end-to-end technology has not been realized and likely never will occur. The decreasing cost of bandwidth is increasing the possible applications of computer networks and communication systems to entirely new domains. Problems in integrating heterogeneous wired and wireless technologies, ensuring security and quality of service, and reliably operating large-scale systems including the inclusion of cloud computing have all emerged as important topics. The one constant is the need for network management. Challenges in network management have never been greater than they are today. The International Journal of Network Management is the forum for researchers, developers, and practitioners in network management to present their work to an international audience. The journal is dedicated to the dissemination of information, which will enable improved management, operation, and maintenance of computer networks and communication systems. The journal is peer reviewed and publishes original papers (both theoretical and experimental) by leading researchers, practitioners, and consultants from universities, research laboratories, and companies around the world. Issues with thematic or guest-edited special topics typically occur several times per year. Topic areas for the journal are largely defined by the taxonomy for network and service management developed by IFIP WG6.6, together with IEEE-CNOM, the IRTF-NMRG and the Emanics Network of Excellence.