To explain how the Egyptian and Libyan governments shut down the Internet in their countries in early 2011, researchers at the University of California, San Diego's Cooperative Association for Internet Data Analysis (CAIDA) analyzed the drop in a specific subset of observable Internet traffic that is a byproduct of malware and is often referred to as Internet background radiation.
The researchers say theirs is the first study to show how malware-generated traffic pollution can be used to analyze Internet censorship and network outages, and they believe this methodology could be adopted on a wider scale to create an automated early warning system to help detect Internet reachability problems in the future.
"We actually used something that’s generally regarded as bad--traffic pollution due to malware--for a beneficial purpose, specifically to improve our understanding of geopolitical censorship behavior," says CAIDA’s K.C. Claffy.
The researchers used the university's Network Telescope to collect what could be considered the “garbage” of the Internet, such as traffic due to mistyped Internet Protocol addresses, malicious scanning of address space by hackers looking for vulnerable targets, and the automated spread of malicious software.
"Using a combination of this data allowed us to narrow down which forms of Internet access disruption were implemented in a given region over time, but the malware-induced traffic helped us uncover things that the other data did not reveal," says CAIDA's Alberto Dainotti.
From UCSD News (CA)