Skip to main content

Detecting Black IP Using for Classification and Analysis Through Source IP of Daily Darknet Traffic

  • Conference paper
  • First Online:
Neural Information Processing (ICONIP 2017)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 10638))

Included in the following conference series:

  • 4776 Accesses

Abstract

Recently, the community is recognizing to an importance of network vulnerability. Also, through the using this vulnerability, attackers can acquire the information of vulnerable users. Therefore, many researchers have been studying about a countermeasure of network vulnerabillty. In recent, the darknet is a received attention to research for detecting action of attackers. The means of darknet are formed a set of unused IP addresses and no real systems of connect to the darknet. In this paper, we proposed an using darknet for the detecting black IPs. So, it was choosen to classification and analysis through source IP of daily darknet traffic. The proposed method prepared 8,192 destination IP addresses in darknet space and collected the darknet traffic during 1 months. It collected total 277,002,257 in 2016, August. An applied results of the proposed process were seen for an effectiveness of pre-detection for real attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Institutional subscriptions

Similar content being viewed by others

References

  1. Moore, D., Shannon, C., Voelker, G., Savage, S.: Network telescopes. Technical report, CAIDA (2004)

    Google Scholar 

  2. Yegneswaran, V., Barford, P., Plonka, D.: On the design and use of internet sinks for network abuse monitoring. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol. 3224, pp. 146–165. Springer, Heidelberg (2004). doi:10.1007/978-3-540-30143-1_8

    Chapter  Google Scholar 

  3. Cooke, E., Bailey, M., Watson, D., Jahanian, F., Nazario, J.: The internet motion sensor-a distributed blackhole monitoring system. In: NDSS 2005, pp. 167–179 (2005)

    Google Scholar 

  4. Spitzner, L.: The Honeynet project: trapping the hackers. Mag. Secur. Priv. 99, 15–23 (2003)

    Article  Google Scholar 

  5. Abbasi, F.H., Harris, R.J.: Experiences with a generation III virtual Honeynet. In: Telecommunication Networks and Applications Conference 2009, pp. 1–6. IEEE Press (2009)

    Google Scholar 

  6. Kim, H.S., Choi, S.-S., Song, J.: A methodology for multipurpose DNS Sinkhole analyzing double bounce emails. In: Lee, M., Hirose, A., Hou, Z.-G., Kil, R.M. (eds.) ICONIP 2013. LNCS, vol. 8226, pp. 609–616. Springer, Heidelberg (2013). doi:10.1007/978-3-642-42054-2_76

    Chapter  Google Scholar 

  7. Lee, H.-G., Choi, S.-S., Lee, Y.-S., Park, H.-S.: Enhanced Sinkhole system by improving post-processing mechanism. In: Kim, T., Lee, Y., Kang, B.-H., Ślęzak, D. (eds.) FGIT 2010. LNCS, vol. 6485, pp. 469–480. Springer, Heidelberg (2010). doi:10.1007/978-3-642-17569-5_46

    Chapter  Google Scholar 

  8. Choi, S., Kim, S., Park, H.: A fusion framework of IDS alerts and darknet traffic for effective incident monitoring and response. Appl. Math. Inf. Sci. 11, 417–422 (2017)

    Article  Google Scholar 

  9. Song, J., Choi, J.-W., Choi, S.-S.: A malware collection and analysis framework based on darknet traffic. In: Huang, T., Zeng, Z., Li, C., Leung, C.S. (eds.) ICONIP 2012. LNCS, vol. 7664, pp. 624–631. Springer, Heidelberg (2012). doi:10.1007/978-3-642-34481-7_76

    Chapter  Google Scholar 

  10. Choi, S., Song, J., Kim, S., Kim, S.: A model of analyzing cyber threats trend and tracing potential attackers based on darknet traffic. Secur. Commun. Netw. 7, 1612–1621 (2013)

    Google Scholar 

  11. Ko, S., Kim, K., Lee, Y., Song, J.: A classification method of darknet traffic for advanced security monitoring and response. In: Loo, C.K., Yap, K.S., Wong, K.W., Beng Jin, A.T., Huang, K. (eds.) ICONIP 2014. LNCS, vol. 8836, pp. 357–364. Springer, Cham (2014). doi:10.1007/978-3-319-12643-2_44

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Jungsuk Song .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Park, J., Choi, J., Song, J. (2017). Detecting Black IP Using for Classification and Analysis Through Source IP of Daily Darknet Traffic. In: Liu, D., Xie, S., Li, Y., Zhao, D., El-Alfy, ES. (eds) Neural Information Processing. ICONIP 2017. Lecture Notes in Computer Science(), vol 10638. Springer, Cham. https://doi.org/10.1007/978-3-319-70139-4_43

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-70139-4_43

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-70138-7

  • Online ISBN: 978-3-319-70139-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics