1,527 research outputs found
The Internet AS-Level Topology: Three Data Sources and One Definitive Metric
We calculate an extensive set of characteristics for Internet AS topologies
extracted from the three data sources most frequently used by the research
community: traceroutes, BGP, and WHOIS. We discover that traceroute and BGP
topologies are similar to one another but differ substantially from the WHOIS
topology. Among the widely considered metrics, we find that the joint degree
distribution appears to fundamentally characterize Internet AS topologies as
well as narrowly define values for other important metrics. We discuss the
interplay between the specifics of the three data collection mechanisms and the
resulting topology views. In particular, we show how the data collection
peculiarities explain differences in the resulting joint degree distributions
of the respective topologies. Finally, we release to the community the input
topology datasets, along with the scripts and output of our calculations. This
supplement should enable researchers to validate their models against real data
and to make more informed selection of topology data sources for their specific
needs.Comment: This paper is a revised journal version of cs.NI/050803
A Characterization of Cybersecurity Posture from Network Telescope Data
Data-driven understanding of cybersecurity posture is an important problem
that has not been adequately explored. In this paper, we analyze some real data
collected by CAIDA's network telescope during the month of March 2013. We
propose to formalize the concept of cybersecurity posture from the perspectives
of three kinds of time series: the number of victims (i.e., telescope IP
addresses that are attacked), the number of attackers that are observed by the
telescope, and the number of attacks that are observed by the telescope.
Characterizing cybersecurity posture therefore becomes investigating the
phenomena and statistical properties exhibited by these time series, and
explaining their cybersecurity meanings. For example, we propose the concept of
{\em sweep-time}, and show that sweep-time should be modeled by stochastic
process, rather than random variable. We report that the number of attackers
(and attacks) from a certain country dominates the total number of attackers
(and attacks) that are observed by the telescope. We also show that
substantially smaller network telescopes might not be as useful as a large
telescope
- …