2015 | OriginalPaper | Chapter

Behavior Based Darknet Traffic Decomposition for Malicious Events Identification

Authors : Ruibin Zhang, Lei Zhu, Xiaosong Li, Shaoning Pang, Abdolhossein Sarrafzadeh, Dan Komosny

Published in: Neural Information Processing

Publisher: Springer International Publishing

Abstract

This paper proposes a host behavior based traffic decomposition approach (a host corresponding to a source IP) to identify groups of malicious events in massive historical darknet traffic. In our approach, we segment and extract traffic flows from captured darknet data and categorize the flows according to a set of rules summarized from observations of host behavior. Significant events are then appraised by three criteria: (a) the activities within each group should be highly alike; (b) the activities should be significant enough in terms of scan scale; and (c) the group should be large enough. We applied the approach to twelve months of darknet traffic for malicious event detection and evaluated the performance of the proposed method.
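The pipeline the abstract sketches, written out as an added example (not code from the chapter or its authors): packets are segmented into flows, each source host gets a behavior label from a rule set, hosts are grouped by label, and each group is kept only if it satisfies the three criteria. The flow timeout, the behavior rules and their thresholds (FLOW_TIMEOUT, min_similarity, min_scale, min_size), the label names and the packet sample are all assumptions for illustration; the abstract does not state the chapter's actual rules or thresholds.

```python
"""Host-behavior based darknet traffic decomposition (illustrative, not the authors' code)."""
from collections import defaultdict
from itertools import combinations

# Constructed darknet packets: (timestamp, src_ip, dst_ip, dst_port).
# A darknet has no services, so every packet is unsolicited by definition.
PACKETS = []
# Three hosts sweeping 40 addresses on TCP/445: one coordinated horizontal scan.
for i, src in enumerate(["198.51.100.10", "198.51.100.11", "198.51.100.12"]):
    for k in range(1, 41):
        PACKETS.append((1000 + i * 100 + k, src, f"203.0.113.{k}", 445))
# Three hosts touching only two addresses on TCP/23: alike, but too small a scan.
for j, src in enumerate(["192.0.2.40", "192.0.2.41", "192.0.2.42"]):
    for k in (20, 21):
        PACKETS.append((3000 + j * 10 + k, src, f"203.0.113.{k}", 23))
# One host probing many ports on one address: a vertical scan with no peers.
for p in (21, 22, 23, 25, 80, 110, 143, 443, 3389, 8080):
    PACKETS.append((5000 + p, "192.0.2.77", "203.0.113.5", p))
# Stray packets (backscatter or misconfiguration), not scan behavior.
PACKETS += [(6000, "192.0.2.5", "203.0.113.9", 80), (6001, "192.0.2.5", "203.0.113.9", 80),
            (6100, "192.0.2.6", "203.0.113.10", 53)]

FLOW_TIMEOUT = 60  # assumed: seconds of silence that closes a flow


def extract_flows(packets):
    """Segment packets into flows keyed by (src, dst, dport); a gap over FLOW_TIMEOUT starts a new flow."""
    flows, open_flows = [], {}
    for ts, src, dst, dport in sorted(packets, key=lambda x: x[0]):
        key = (src, dst, dport)
        cur = open_flows.get(key)
        if cur is not None and ts - cur["end"] <= FLOW_TIMEOUT:
            cur["end"], cur["pkts"] = ts, cur["pkts"] + 1
        else:
            cur = {"src": src, "dst": dst, "dport": dport, "start": ts, "end": ts, "pkts": 1}
            open_flows[key] = cur
            flows.append(cur)
    return flows


def host_profiles(flows):
    """Per source IP: the set of targets hit, the set of destination ports, and the flow count."""
    prof = defaultdict(lambda: {"targets": set(), "ports": set(), "flows": 0})
    for f in flows:
        p = prof[f["src"]]
        p["targets"].add(f["dst"])
        p["ports"].add(f["dport"])
        p["flows"] += 1
    return prof


def behavior_label(p):
    """Assumed rule set summarising host behaviour: horizontal, vertical, block or sporadic."""
    n_targets, n_ports = len(p["targets"]), len(p["ports"])
    if n_targets >= 2 and n_ports == 1:
        return ("horizontal", next(iter(p["ports"])))   # many hosts, one port
    if n_targets == 1 and n_ports >= 5:
        return ("vertical", None)                        # one host, many ports
    if n_targets >= 2 and n_ports >= 2:
        return ("block", None)                           # many hosts, many ports
    return ("sporadic", None)


def jaccard(a, b):
    return len(a & b) / len(a | b) if (a | b) else 1.0


def decompose(packets, min_similarity=0.8, min_scale=16, min_size=3):
    """Group hosts by behaviour label, then keep groups meeting criteria (a), (b) and (c)."""
    prof = host_profiles(extract_flows(packets))
    groups = defaultdict(list)
    for src, p in prof.items():
        groups[behavior_label(p)].append(src)
    events = []
    for label, hosts in groups.items():
        if label[0] == "sporadic":
            continue
        # (a) alikeness: mean Jaccard similarity of target sets over all host pairs
        pairs = list(combinations(hosts, 2))
        sim = sum(jaccard(prof[a]["targets"], prof[b]["targets"]) for a, b in pairs) / len(pairs) if pairs else 1.0
        # (b) scan scale: mean number of distinct targets per host
        scale = sum(len(prof[h]["targets"]) for h in hosts) / len(hosts)
        # (c) group size: number of hosts sharing the behaviour
        if sim >= min_similarity and scale >= min_scale and len(hosts) >= min_size:
            events.append({"behavior": label, "hosts": sorted(hosts),
                           "similarity": round(sim, 2), "scale": scale})
    return events


if __name__ == "__main__":
    for ev in decompose(PACKETS):
        print(ev)
```

On the constructed sample only the TCP/445 sweep survives: the TCP/23 group is alike and large enough but fails the scale criterion, the vertical scanner fails the size criterion, and the stray senders never form a scan group at all. On real telescope data the thresholds would be tuned to the sensor's size and to the observation window, and the similarity measure would normally include timing as well as target overlap.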


Metadata

Copyright Year: 2015

DOI: https://doi.org/10.1007/978-3-319-26555-1_29
