Towards Long-Term Continuous Tracing of Internet-Wide Scanning Campaigns Based on Darknet Analysis

Chansu Han; Akira Tanaka; Jun’ichi Takeuchi; Takeshi Takahashi; Tomohiro Morikawa; Tsung-Nan Lin

Research.Publish.Connect.

*Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Country:
Subject:

Advanced Search Affiliations Search

If you're looking for an exact phrase use quotation marks on text fields.

Proceedings

Proceedings Search *Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

Papers

Papers Search *Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

Authors

Authors Search *Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

Advanced Search

Paper

Towards Long-Term Continuous Tracing of Internet-Wide Scanning Campaigns Based on Darknet Analysis

Topics: AI and Machine Learning for Security

In Proceedings of the 9th International Conference on Information Systems Security and Privacy ICISSP - Volume 1, 617-625, 2023 , Lisbon, Portugal

Authors: Chansu Han ¹ ; Akira Tanaka ¹ ; Jun’ichi Takeuchi ² ; Takeshi Takahashi ¹ ; Tomohiro Morikawa ³ and Tsung-Nan Lin ⁴

Affiliations: ¹ National Institute of Information and Communications Technology, Tokyo, Japan ; ² Kyushu University, Fukuoka, Japan ; ³ University of Hyogo, Hyogo, Japan ; ⁴ National Taiwan University, Taipei, Taiwan, Republic of China

Keyword(s): Darknet Analysis, Scanning Campaign, Tracing, Non-Negative Matrix Factorization.

Abstract: The darknet is an unused IP address space that can be an effective resource for observing and analyzing global indiscriminate scanning attacks. Scanning traffic on the darknet has expanded dramatically in recent years and numerous constant scans for investigative purposes have been observed. This is problematic because the investigative scans identified by naive rules account for about 60% of the total observed traffic. In earlier work, we detected malware-caused indiscriminate scanning for attack purposes from darknet data by means of anomaly detection methods, but the large amount of activity from investigation-purpose indiscriminate scans led to false positives. We have therefore developed a new method for tracing scanning campaigns. By distinguishing whether the campaign being traced is for attack or investigation purposes, we aim to reduce the number of false positives and improve anomaly detection accuracy. We also intend to clarify the actual state of constant scanner groups b y tracing them. In this work, we describe the proposed method, implement a prototype, and conduct experiments on real darknet data to investigate the feasibility of tracing scanning campaigns. (More)

CC BY-NC-ND 4.0

Guest: Register as new SciTePress user now for free.

SciTePress user: please login.

My Papers

You are not signed in, therefore limits apply to your IP address 18.226.28.197

In the current month:

Recent papers: 100 available of 100 total

2⁺ years older papers: 200 available of 200 total

Paper citation in several formats:

Han, C.; Tanaka, A.; Takeuchi, J.; Takahashi, T.; Morikawa, T. and Lin, T. (2023). Towards Long-Term Continuous Tracing of Internet-Wide Scanning Campaigns Based on Darknet Analysis. In Proceedings of the 9th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-624-8; ISSN 2184-4356, SciTePress, pages 617-625. DOI: 10.5220/0011769300003405

@conference{icissp23,
author={Chansu Han. and Akira Tanaka. and Jun’ichi Takeuchi. and Takeshi Takahashi. and Tomohiro Morikawa. and Tsung{-}Nan Lin.},
title={Towards Long-Term Continuous Tracing of Internet-Wide Scanning Campaigns Based on Darknet Analysis},
booktitle={Proceedings of the 9th International Conference on Information Systems Security and Privacy - ICISSP},
year={2023},
pages={617-625},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011769300003405},
isbn={978-989-758-624-8},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 9th International Conference on Information Systems Security and Privacy - ICISSP
TI - Towards Long-Term Continuous Tracing of Internet-Wide Scanning Campaigns Based on Darknet Analysis
SN - 978-989-758-624-8
IS - 2184-4356
AU - Han, C.
AU - Tanaka, A.
AU - Takeuchi, J.
AU - Takahashi, T.
AU - Morikawa, T.
AU - Lin, T.
PY - 2023
SP - 617
EP - 625
DO - 10.5220/0011769300003405
PB - SciTePress