A Network Telescope for Early Warning Intrusion Detection

  • Panos Chatziadam
  • Ioannis G. Askoxylakis
  • Alexandros Fragkiadakis
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8533)


Proactive cyber-security tools provide basic protection, as today’s cyber-criminals use legitimate traffic to perform attacks and quite often remain concealed until it is too late. As critical resources, hidden behind layers of cyber-defenses, can still become compromised with potentially catastrophic consequences, it is of paramount significance to be able to identify cyber-attacks and prepare a proper defense as early as possible. In this paper we go over the architecture, deployment and usefulness of a distributed network of honeypots that relies on darknets to obtain its data. As we envision that such a system has the potential to detect large-scale events as early as possible, we have adopted the name Early Warning Intrusion System (EWIS).


Human aspects of intelligence-driven cybersecurity 





Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Panos Chatziadam (1)
  • Ioannis G. Askoxylakis (1)
  • Alexandros Fragkiadakis (1)

  1. Institute of Computer Science, Foundation for Research & Technology – Hellas (FORTH), FORTHcert, Greece
