Behavior Analysis of Long-term Cyber Attacks in the Darknet

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 7667)

Abstract

Darknet monitoring provides an effective way to counter cyber attacks, which pose a significant threat to network security and management. This paper aims to characterize the behavior of long-term cyber attacks by mining the darknet traffic data collected by the nicter project. Machine learning techniques such as clustering, classification and function regression are applied in the study, with promising results reported.
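To make the "mining darknet traffic with clustering" idea in the abstract concrete, the following is an added example (not code from the paper or from the nicter project). It takes constructed darknet packet records, reduces each source address to a small feature vector (packet count, distinct destination hosts, distinct destination ports), scales the features, and groups sources with k-means. The packet records, the choice of features, and the heuristic cluster tags (horizontal scan, vertical scan, low-volume) are assumptions made for the illustration; the paper does not disclose its own feature set.

```python
"""Mining darknet traffic with per-source feature vectors and k-means.

Added example for the clustering technique named in the abstract; it is not
code from the paper or from the nicter project. The packet records, the three
features and the scan categories are assumptions for illustration.
"""
from collections import defaultdict
from math import sqrt

# Constructed darknet packets: (timestamp_s, src_ip, dst_ip, dst_port).
# 192.0.2.0/24 plays the unused (darknet) address block, so nothing here is
# legitimate traffic; every packet is a probe, backscatter or misconfiguration.
PACKETS = (
    # horizontal scans: one port, many darknet hosts
    [(2 * i, "198.51.100.7", f"192.0.2.{i}", 445) for i in range(1, 21)]
    + [(3 * i, "198.51.100.8", f"192.0.2.{i}", 22) for i in range(1, 16)]
    # vertical scans: one darknet host, many ports
    + [(i, "203.0.113.9", "192.0.2.50", 1000 + i) for i in range(20)]
    + [(4 * i, "203.0.113.10", "192.0.2.51", 8000 + i) for i in range(12)]
    # low-volume sources: a few packets to one host and one port
    + [(t, "198.51.100.200", "192.0.2.5", 80) for t in (5, 6, 7)]
    + [(t, "198.51.100.201", "192.0.2.6", 443) for t in (9, 30)]
)


def source_features(packets):
    """Per source: (packet count, distinct dst hosts, distinct dst ports)."""
    hosts, ports, count = defaultdict(set), defaultdict(set), defaultdict(int)
    for _t, src, dst, dport in packets:
        count[src] += 1
        hosts[src].add(dst)
        ports[src].add(dport)
    return {s: (count[s], len(hosts[s]), len(ports[s])) for s in count}


def min_max_scale(vectors):
    """Scale each feature to [0, 1] so no single feature dominates distances."""
    dims = len(next(iter(vectors.values())))
    lo = [min(v[d] for v in vectors.values()) for d in range(dims)]
    hi = [max(v[d] for v in vectors.values()) for d in range(dims)]
    return {
        s: tuple((v[d] - lo[d]) / (hi[d] - lo[d]) if hi[d] > lo[d] else 0.0
                 for d in range(dims))
        for s, v in vectors.items()
    }


def _dist(a, b):
    return sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(points, k, iters=50):
    """Lloyd's k-means with deterministic farthest-first seeding.

    points: {name: vector}. Returns {name: cluster_index}.
    """
    names = sorted(points)
    centroids = [points[names[0]]]
    while len(centroids) < k:  # next seed: the point farthest from all seeds so far
        far = max(names, key=lambda n: min(_dist(points[n], c) for c in centroids))
        centroids.append(points[far])
    labels = {}
    for _ in range(iters):
        new = {n: min(range(k), key=lambda i: _dist(points[n], centroids[i]))
               for n in names}
        if new == labels:
            break
        labels = new
        for i in range(k):
            members = [points[n] for n in names if labels[n] == i]
            if members:
                centroids[i] = tuple(sum(col) / len(members) for col in zip(*members))
    return labels


def characterise(labels, features):
    """Tag each cluster from its mean raw features (assumed heuristic, not the paper's)."""
    groups = defaultdict(list)
    for src, c in labels.items():
        groups[c].append(features[src])
    tags = {}
    for c, vecs in groups.items():
        _n, hosts, ports = (sum(col) / len(vecs) for col in zip(*vecs))
        if hosts > 2 and ports <= 2:
            tags[c] = "horizontal scan (one service, many hosts)"
        elif ports > 2 and hosts <= 2:
            tags[c] = "vertical scan (one host, many ports)"
        else:
            tags[c] = "low-volume / backscatter-like"
    return tags


def analyse(packets=PACKETS, k=3):
    """Full pipeline: features -> scaling -> clustering -> cluster tags."""
    feats = source_features(packets)
    labels = kmeans(min_max_scale(feats), k)
    return labels, characterise(labels, feats)


if __name__ == "__main__":
    labels, tags = analyse()
    for src in sorted(labels):
        print(f"{src:16} cluster {labels[src]}: {tags[labels[src]]}")
```

Running it groups the two horizontal scanners, the two vertical scanners and the two low-volume sources into three separate clusters. On real sensor data the features would be computed per time window so that a long-lived source's behaviour can be tracked across windows, which is the long-term aspect the abstract refers to.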


Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ban, T., Zhu, L., Shimamura, J., Pang, S., Inoue, D., Nakao, K. (2012). Behavior Analysis of Long-term Cyber Attacks in the Darknet. In: Huang, T., Zeng, Z., Li, C., Leung, C.S. (eds) Neural Information Processing. ICONIP 2012. Lecture Notes in Computer Science, vol 7667. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34500-5_73

  • DOI: https://doi.org/10.1007/978-3-642-34500-5_73

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-34499-2

  • Online ISBN: 978-3-642-34500-5

  • eBook Packages: Computer Science (R0)