- Title
- Evaluation of the effectiveness of small aperture network telescopes as IBR data sources
- Creator
- Chindipha, Stones Dalitso
- ThesisAdvisor
- Irwin, Barry Vivian William
- ThesisAdvisor
- Herbert, A (Alan)
- Subject
- Computer networks Monitoring
- Subject
- Computer networks Security measures
- Subject
- Computer bootstrapping
- Subject
- Time-series analysis
- Subject
- Regression analysis
- Subject
- Mathematical models
- Date
- 2023-03-31
- Type
- Academic theses
- Type
- Doctoral theses
- Type
- text
- Identifier
- http://hdl.handle.net/10962/366264
- Identifier
- vital:65849
- Identifier
- DOI https://doi.org/10.21504/10962/366264
- Description
- The use of network telescopes to collect unsolicited network traffic by monitoring unallocated address space has been in existence for over two decades. Past research has shown that there is a lot of activity happening in this unallocated space that needs monitoring as it carries threat intelligence data that has proven to be very useful in the security field. Prior to the emergence of the Internet of Things (IoT), commercialisation of IP addresses and widespread of mobile devices, there was a large pool of IPv4 addresses and thus reserving IPv4 addresses to be used for monitoring unsolicited activities going in the unallocated space was not a problem. Now, preservation of such IPv4 addresses just for monitoring is increasingly difficult as there is not enough free addresses in the IPv4 address space to be used for just monitoring. This is the case because such monitoring is seen as a ’non-productive’ use of the IP addresses. This research addresses the problem brought forth by this IPv4 address space exhaustion in relation to Internet Background Radiation (IBR) monitoring. In order to address the research questions, this research developed four mathematical models: Absolute Mean Accuracy Percentage Score (AMAPS), Symmetric Absolute Mean Accuracy Percentage Score (SAMAPS), Standardised Mean Absolute Error (SMAE), and Standardised Mean Absolute Scaled Error (SMASE). These models are used to evaluate the research objectives and quantify the variations that exist between different samples. The sample sizes represent different lens sizes of the telescopes. The study has brought to light a time series plot that shows the expected proportion of unique source IP addresses collected over time. The study also imputed data using the smaller /24 IPv4 net-block subnets to regenerate the missing data points using bootstrapping to create confidence intervals (CI). The findings from the simulated data supports the findings computed from the models. The CI offers a boost to decision making. Through a series of experiments with monthly and quarterly datasets, the study proposed a 95% - 99% confidence level to be used. It was known that large network telescopes collect more threat intelligence data than small-sized network telescopes, however, no study, to the best of our knowledge, has ever quantified such a knowledge gap. With the findings from the study, small-sized network telescope users can now use their network telescopes with full knowledge of gap that exists in the data collected between different network telescopes.
- Description
- Thesis (PhD) -- Faculty of Science, Computer Science, 2023
- Format
- computer, online resource, application/pdf, 1 online resource (264 pages), pdf
- Publisher
- Rhodes University, Faculty of Science, Computer Science
- Language
- English
- Rights
- Chindipha, Stones Dalitso
- Rights
- Use of this resource is governed by the terms and conditions of the Creative Commons "Attribution-NonCommercial-ShareAlike" License (http://creativecommons.org/licenses/by-nc-sa/2.0/)
- Hits: 2690
- Visitors: 2575
- Downloads: 114
Thumbnail | File | Description | Size | Format | |||
---|---|---|---|---|---|---|---|
View Details | SOURCE1 | CHINDIPHA-PHD-TR23-06.pdf | 3 MB | Adobe Acrobat PDF | View Details |