A Cloud-Native Framework For Globally Distributed Capture and Analysis of Internet Background Radiation

Among the existing methods for analysing internet traffic, one focuses on unsolicited and often harmful packets, referred to as Internet Background Radiation - IBR. It is possible to capture samples of the IBR by allocating computing assets to listen to incoming packets and recording headers and contents into the PCAP format. This work presents the research plan for capturing a year-long sample of the IBR arriving to 1500 sensors geographically distributed across one major service cloud provider. Combined to that, a data analysis pipeline will be designed to enable the querying of most relevant quantitative and qualitative aspects of the resulting dataset. The ultimate goal is to answer "how is the IBR characterised when captured within the context of cloud computing?". Results will include packet distribution according to the properties of the network, transport, and application layers, together with an evaluation of traffic linking to botnet activity such as Mirai and Moobot.