While darknets are different from traditional IDSs, they use the same type of detection. But with a darknet, you know immediately that any traffic entering is hostile because there are no advertised services in a darknet.
This solves two problems associated with traditional IDSs. Firstly, you don't need to classify the source of data. By design, a darknet only monitors traffic and serves no other purpose, so you know any data entering the darknet is hostile. Secondly, you don't need to inspect the data to know that it's hostile. No one would be probing an empty network space unless he or she was looking for something.
It's enough to identify the source and destination IP addresses and protocol ports. Then, if you want to identify the specific worm or exploit associated with the hostile traffic, you can use an IDS such as Snort to fingerprint data packets rather quickly.
Whether darknets are valuable in the corporate environment depends on your definition of security. Darknets don't stop hostile traffic at the perimeter like a firewall, nor do they block viruses or filter content. But a darknet specifically monitors traffic that shouldn't occur at all and it provides yet another tool for your security arsenal.
Darknets can provide early notification of wide-scale Internet threats and therefore play a role in Internet security. For example, you could use a darknet on an internal corporate network to quickly identify hosts infected with a network worm before the worm spreads to the entire internal network — and possibly before antivirus software can even detect it.
