• Header Web Conf19 Finale
            
  • Conf19 Testa
            

Connecting the future    

GARR Conference is the annual meeting of users, operators and managers of the Italian national education and research network aimed at sharing experiences and comments on the use of the network as a tool for research, training and culture, in different contexts and disciplines.


GARR Conference 2019 - Video


Thematics     

Thematics    

At the hearth of this years’ conferenceare the new IT challenges in multidisciplinary research: from cybersecurity to artificial intelligence, from data preservation to their reuse, from education to open science.

These are topics of interest for the many communities that are part of the GARR network and are becoming more and more interlinked and multidisciplinary. The conference will be an opportunity to present success stories of innovation and topics for discussion for the world of academia, research, education, health and humanities.

4 giugno 2019

Martino Trevisan

Politecnico di Torino
https://www.polito.it/

Le Darknet sono tutte uguali? L'utilità delle Darknet per la cybersecurity

Martino Trevisan ha ricevuto il dottorato in Ingegneria Elettrica Elettronica e delle Comunicazioni nel 2019 dal Politecnico di Torino, dove attualmente lavora come ricercatore post-dottorale nel contesto del centro SmartData. Ha lavorato in progetti Europei e industriali ed è autore di più di 20 pubblicazioni in conferenze e riviste internazionali. Ha visitato i Cisco Labs di San Jose, California durante le estati 2016 e 2017, e durante l'autunno 2018 ha svolto ricerca presso gli AT&T Labs di Bedminster, New Jersey. Le sue ricerche si focalizzano su Big Data e Machine Learning applicati a problemi di telecomunicazioni e monitoraggio del traffico di rete.

Martino Trevisan received his PhD in 2019 from Politecnico di Torino, Italy. He is currently a postdoctoral researcher at the SmartData@Polito center in the same university. He has been collaborating in both Industry and European projects and spent six months in Telecom ParisTech, France working on High-Speed Traffic Monitoring during his M.Sc. He visited twice Cisco labs in San Jose in summer 2016 and 2017, as well as AT&T labs during fall 2018. His research interests are Big Data and Machine Learning applied to Network Measurements and Traffic Monitoring.

SESSIONE 3. Cybersecurity

Le Darknet sono tutte uguali? L'utilità delle Darknet per la cybersecurity

Le darknet sono sottoreti che vengono annunciate in Internet ma non ospitano alcun dispositivo. Esse registrano solamente il traffico che ricevono, assistendo le attività amministratore di rete. Siccome per definizione ogni pacchetto che essere ricevono non è sollecitato, le darknet sono validi strumenti per rilevare dispositivi configurati in maniera errata nonché potenziali minacce come botnet, attacchi DDos, ecc... In questo articolo investighiamo la somiglianza tra diverse darknet in termini di traffico osservato. Utilizzando darknet in diversi continenti, quantifichiamo la loro esposizione a potenziali minacce, e mostriamo come alcune delle loro proprietà (ad esempio le porte più contattate) rimangano invariate nello spazio. Tuttavia riscontriamo anche significative differenze, in particolare tra le sorgenti di traffico.


Are Darknets All The Same? On Darknet Visibility for Security Monitoring

Darknets are sets of IP addresses that are advertised but do not host any client or server. By passively recording the incoming packets, they assist network monitoring activities. Since packets they receive are unsolicited by definition, darknets help to spot misconfigurations as well as important security events, such as the appearance of botnets, DDoS attacks, etc. We here investigate how similar is the visibility of different darknets. By relying on traffic from three darknets deployed in different contintents, we evaluate their exposure in terms of observed events given their allocated IP addresses. Our results suggest that some well-known facts about darknet visibility seem invariant across deployments, such as the most commonly contacted ports. However, we find significant differences in the observed traffic from darknets deployed in different IP ranges.

 

Sponsor

Huawei
Main Sponsor

TIM
Fortinet