Abstract
Recently, the community has come to recognize the importance of network vulnerabilities. By using these vulnerabilities, attackers can acquire the information of vulnerable users. Therefore, many researchers have been studying countermeasures against network vulnerabilities. More recently, the darknet has received attention as a means of detecting attackers' actions. A darknet is a set of unused IP addresses to which no real systems are connected. In this paper, we propose using a darknet to detect black IPs, through classification and analysis by source IP of daily darknet traffic. The proposed method prepared 8,192 destination IP addresses in darknet space and collected darknet traffic for 1 month. The total collected in August 2016 was 277,002,257. The results of applying the proposed process showed its effectiveness for pre-detection of real attacks.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Park, J., Choi, J., Song, J. (2017). Detecting Black IP Using for Classification and Analysis Through Source IP of Daily Darknet Traffic. In: Liu, D., Xie, S., Li, Y., Zhao, D., El-Alfy, ES. (eds) Neural Information Processing. ICONIP 2017. Lecture Notes in Computer Science, vol 10638. Springer, Cham. https://doi.org/10.1007/978-3-319-70139-4_43
DOI: https://doi.org/10.1007/978-3-319-70139-4_43
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-70138-7
Online ISBN: 978-3-319-70139-4
eBook Packages: Computer Science (R0)