Abstract
Darknet monitoring provides an effective way to counter cyber attacks, which pose a significant threat to network security and management. This paper aims to characterize the behavior of long-term cyber attacks by mining the darknet traffic data collected by the nicter project. Machine learning techniques such as clustering, classification, and function regression are applied in the study, and promising results are reported.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
Cite this paper
Ban, T., Zhu, L., Shimamura, J., Pang, S., Inoue, D., Nakao, K. (2012). Behavior Analysis of Long-term Cyber Attacks in the Darknet. In: Huang, T., Zeng, Z., Li, C., Leung, C.S. (eds) Neural Information Processing. ICONIP 2012. Lecture Notes in Computer Science, vol 7667. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34500-5_73
DOI: https://doi.org/10.1007/978-3-642-34500-5_73
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34499-2
Online ISBN: 978-3-642-34500-5