The Day after Patch Tuesday: Effects Observable in IP Darkspace Traffic

  • Tanja Zseby
  • Alistair King
  • Nevil Brownlee
  • K C Claffy
Conference paper

DOI: 10.1007/978-3-642-36516-4_32

Part of the Lecture Notes in Computer Science book series (LNCS, volume 7799)
Cite this paper as:
Zseby T., King A., Brownlee N., Claffy K.C. (2013) The Day after Patch Tuesday: Effects Observable in IP Darkspace Traffic. In: Roughan M., Chang R. (eds) Passive and Active Measurement. PAM 2013. Lecture Notes in Computer Science, vol 7799. Springer, Berlin, Heidelberg

Abstract

We investigated how Patch Tuesday affects the volume and characteristics of malicious and unwanted traffic as observed by a large IPv4 (/8) darkspace monitor over the first six months of 2012. We did not discover significant changes in overall traffic volume following Patch Tuesday, but we found a significant increase of the number of active hosts sending to our darkspace monitor the day after Patch Tuesday for all six investigated months. Our early results suggest the effects of Patch Tuesday are worth deeper investigation. Detecting time intervals during which new sources become active can help tune sampling methods toward activity periods that likely contain more interesting information (i.e., many new malicious sources) than other time periods.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Tanja Zseby
    • 1
    • 2
  • Alistair King
    • 2
  • Nevil Brownlee
    • 2
    • 3
  • K C Claffy
    • 2
  1. 1.Fraunhofer Institute FOKUSBerlinGermany
  2. 2.CAIDAUCSDSan DiegoUSA
  3. 3.The University of AucklandAucklandNew Zealand

Personalised recommendations