nach oben

Wireless Personal Communications

Erschienen in:

13.10.2016

Malicious Events Grouping via Behavior Based Darknet Traffic Flow Analysis

verfasst von: Shaoning Pang, Dan Komosny, Lei Zhu, Ruibin Zhang, Abdolhossein Sarrafzadeh, Tao Ban, Daisuke Inoue

Erschienen in: Wireless Personal Communications | Ausgabe 4/2017

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

This paper proposes a host behavior based darknet traffic decomposition approach to identifying groups of malicious events from massive historical darknet traffic. In this approach, we segment traffic flows from captured darknet data, distinguish scan from non-scan flows, and categorize scans according to scan width spreads. Consequently, event groups are appraised by applying the criterion that malicious events generated by the same attacker or malicious software should have similar average packet delay, AvgDly. We have applied the proposed approach to 12 months darknet traffic data for malicious events grouping. As a result, several large scale event groups are discovered on host behavior in the category of port scan, IP scan and hybrid scan, respectively.

Vorheriger Artikel Exploring the Impact of QR Codes in Authentication Protection: A Study Based on PMT and TPB

Nächster Artikel An Improved Remote User Authentication Scheme Using Elliptic Curve Cryptography

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nur mit Berechtigung zugänglich

Moore, D., Shannon, C., Brown, D. J., Voelker, G. M., & Savage, S. (2006). Inferring Internet denial-of-service activity. ACM Transactions on Computer Systems, 24, 115–139.CrossRef

Panjwani, S., Tan, S., Jarrin, K. M. & Cukier, M.(2005). An experimental evaluation to determine if port scans are precursors to an attack. In Proceedings of the international conference on dependable systems and networks, pp. 602–611.

Cooke, E., Jahanian, F., & McPherson, D. (2005). The zombie roundup: Understanding, detecting, and disrupting botnets. Networks, 7, 39–44. http://www.usenix.org/events/sruti05/tech/full_papers/cooke/cooke_html.

Kumar, A., Paxson, V., & Weaver, N. (2005). Exploiting underlying structure for detailed reconstruction of an internet-scale event. In Proceedings of the 5th ACM SIGCOMM conference on Internet measurement—IMC ’05, p. 1. http://portal.acm.org/citation.cfmdoid=1330107.1330150.

Voznak, M., & Safarik, J. (2012). DoS attacks targeting SIP server and improvements of robustness. International Journal of Mathematics and Computers in Simulation, 6(1), 177–184.

Harder, U., Johnson, M. W., Bradley, J. T., & Knottenbelt, W. J. (2006). Observing internet worm and virus attacks with a small network telescope. Electronic Notes in Theoretical Computer Science, 151(3), 47–59.CrossRef

Staniford, S., Moore, D., Paxson, V., & Weaver, N.(2004). The top speed of flash worms. In WORM’04—Proceedings of the 2004 ACM Workshop on Rapid Malcode, pp. 33–42. http://www.scopus.com/inward/record.url?eid=2-s2.0-14944380936&partnerID=40&md5=369ee882120c4d95a23f5abd1774e32c.

Francois, J., Festor O., et al. (2006). Tracking global wide configuration errors. In IEEE/IST Workshop on Monitoring, Attack Detection and Mitigation.

Limthong, K., Kensuke, F., & Watanapongse, P. (2008). Wavelet-based unwanted traffic time series analysis. In Proceedings of the 2008 international conference on computer and electrical engineering, ICCEE 2008, pp. 445–449.

10.

Ahmed, E., Clark, A., & Mohay, G. (2009). Effective change detection in large repositories of unsolicited traffic. In Fourth international conference on Internet monitoring and protection. ICIMP’09 (pp. 1–6). IEEE.

11.

Jung, J., Paxson, V., Berger, A. W., & Balakrishnan, H., (2004) Fast portscan detection using sequential hypothesis testing. In 2004 IEEE symposium on security and privacy. 2004. Proceedings (pp. 211–225). IEEE.

12.

Giorgi, G., & Narduzzi, C. (2008). Detection of anomalous behaviors in networks from traffic measurements. IEEE Transactions on Instrumentation and Measurement, 12(57), 2782–2791.CrossRef

13.

Kanda, Y., Fukuda, K., & Sugawara, T. (2010). A flow analysis for mining traffic anomalies. In 2010 IEEE international conference on communications (ICC) (pp. 1–5). IEEE.

14.

Kim, M.-S., Kong, H.-J., Hong, S.-C., Chung, S.-H., & Hong, J. (2004). A flow-based method for abnormal network traffic detection. In 2004 IEEE/IFIP network operations and management symposium (IEEE Cat. No. 04CH37507), Vol. 1.

15.

Moore, D. (2002). Network Telescopes: Observing small or distant security events. In 11th USENIX Security Symposium, Invited talk. http://www.caida.org/outreach/presentations/2002/usenix_sec/usenix_sec_2002_files/v3_document.htm.

16.

Moore, D., Shannon, C., Voelker, G. M., & Savage, S. (2004). Network telescopes: Technical report. Department of Computer Science and Engineering: University of California, San Diego.

17.

Safarik, J., & Tomala, K. (2013). Automatic analysis of attack data from distributed honeypot network. In Proceedings of SPIE—The International Society for Optical Engineering, Vol. 8755, art., no. 875512.

18.

Irwin, B. (2013). A baseline study of potentially malicious activity across five network telescopes. In 2013 5th international conference on Cyber Conflict (CyCon). http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6568378.

19.

Sutton, M. (2013). Monitoring darknet access to identify malicious activity. US Patent 8,413,238. http://www.google.com/patents/US8413238.

20.

Pang, R., Barford, P., Yegneswaran, V., Paxson, V., & Peterson, L. (2004). Characteristics of internet background radiation. In Proceedings of the 2004 ACM SIGCOMM Internet Measurement Conference, IMC 2004, pp. 27–40. http://www.scopus.com/inward/record.url?eid=2-s2.0-14944369649&partnerID=40&md5=8ea4c6eadf61c46e52561b896fe2eba9.

21.

Shannon, C., & Moore, D. (2004). The spread of the Witty worm. IEEE Security & Privacy, 2(4), 46–50.CrossRef

22.

Arkin, O. (1999). Network scanning techniques. Publicom Communications Solutions.

Titel: Malicious Events Grouping via Behavior Based Darknet Traffic Flow Analysis
verfasst von: Shaoning Pang
Dan Komosny
Lei Zhu
Ruibin Zhang
Abdolhossein Sarrafzadeh
Tao Ban
Daisuke Inoue
Publikationsdatum: 13.10.2016
Verlag: Springer US
Erschienen in: Wireless Personal Communications / Ausgabe 4/2017
Print ISSN: 0929-6212
Elektronische ISSN: 1572-834X
DOI: https://doi.org/10.1007/s11277-016-3744-4

Neuer Inhalt

Bildnachweise

VDI-Icon, Profil Icon, inhalt2, Springer Professional Modul/© Springer Fachmedien Wiesbaden GmbH, Nachhaltigkeitsaward Key Visual/© Cometis AG/Global ESG Monitor | Daniel Rupp | Generiert mit KI, Search Icon, Banner Hanser, Arbeitszeit/© granata68 / Fotolia, E-Autos im Fuhrpark: Lohnt sich das noch?/© Petair / stock.adobe.com, Kryptowährungen/© gopixa / Getty Images / iStock, Zeitschrift Wissensmanagement Cover, PatentFit-Logo/© Springer Fachmedien Wiesbaden GmbH, Sustainibility Finance/© Robert Kneschke / stock.adobe.com / Springer Fachmedien Wiesbaden GmbH, Zukunftswerkstatt Sales Excellence 2024/© AndreyPopov / Getty Images / iStock, 2023_Antrieb/© supervisuell

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 4/2017

Exploring the Impact of QR Codes in Authentication Protection: A Study Based on PMT and TPB

A Limited Energy Consumption Model for P2P Wireless Sensor Networks

RePC: A Localization Method Based on Regional Partition and Cooperation in Communication Networks

Two Novel Adaptive Transmission Schemes in a Decode-and-Forward Relaying Network

Characterization of 3D Elliptical Spatial Channel Model for MIMO Mobile-to-Mobile Communication Environment

A Self-Verifiable Password Based Authentication Scheme for Multi-Server Architecture Using Smart Card

Neuer Inhalt

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.