Practical darknet traffic analysis: Methods and case studies

Authors: Tao Ban, Daisuke Inoue

DOI: 10.1109/UIC-ATC.2017.8397445

Keywords: The Internet; Cyberspace; Computer security; Service (systems architecture); Computer science; End user; Resilience (network); Malware; Darknet; Traffic analysis

Abstract: The malicious activities of emerging malware programs spread over the Internet have caused significant damage to infrastructures as well as to end users' digital assets. Monitoring routed but unused IP address space, namely a darknet, provides a cost-effective way to monitor global cyber-threats in the Internet. By means of a large, distributed, global-scale darknet, the NICTER project has been analyzing, reporting, and mitigating tremendous cyber-threats in cyberspace for more than a decade. In this paper, we present recent advances at NICTER with a focus on the newly developed data mining engines lying at its core. Case studies range from host-level analysis to group-level analysis, where the technologies brought into service have improved system resilience and automated security operation.

References (18)
Daisuke Inoue, Katsunari Yoshioka, Masashi Eto, Masaya Yamagata, Eisuke Nishino, Jun'ichi Takeuchi, Kazuya Ohkouchi, Koji Nakao. An incident analysis system NICTER and its analysis engines based on data mining techniques. International Conference on Neural Information Processing, pp. 579–586 (2008). doi:10.1007/978-3-642-02490-0_71
Michael Bailey, Evan Cooke, Farnam Jahanian, Jose Nazario, David Watson. The Internet Motion Sensor: A Distributed Blackhole Monitoring System. Network and Distributed System Security Symposium (2005).
Erwan Le Malécot, Daisuke Inoue. The Carna Botnet Through the Lens of a Network Telescope. Foundations and Practice of Security, pp. 426–441 (2013). doi:10.1007/978-3-319-05302-8_26
Tao Ban, Masashi Eto, Shanqing Guo, Daisuke Inoue, Koji Nakao, Runhe Huang. A study on association rule mining of darknet big data. International Joint Conference on Neural Networks, pp. 1–7 (2015). doi:10.1109/IJCNN.2015.7280818
Uli Harder, Matt W. Johnson, Jeremy T. Bradley, William J. Knottenbelt. Observing Internet Worm and Virus Attacks with a Small Network Telescope. Electronic Notes in Theoretical Computer Science, vol. 151, pp. 47–59 (2006). doi:10.1016/J.ENTCS.2006.03.011
Jiawei Han, Jian Pei, Yiwen Yin. Mining frequent patterns without candidate generation. International Conference on Management of Data, vol. 29, pp. 1–12 (2000). doi:10.1145/335191.335372
C. Leita, V.H. Pham, O. Thonnard, E. Ramirez-Silva, F. Pouget, E. Kirda, M. Dacier. The Leurre.com Project: Collecting Internet Threats Information Using a Worldwide Distributed Honeynet. 2008 WOMBAT Workshop on Information Security Threats Data Collection and Sharing, pp. 40–57 (2008). doi:10.1109/WISTDCS.2008.8
Karyn Benson, Alberto Dainotti, kc Claffy, Emile Aben. Gaining insight into AS-level outages through analysis of internet background radiation. ACM Special Interest Group on Data Communication, pp. 63–64 (2012). doi:10.1145/2413247.2413285
Thomas Hyslip, Jason Pittman. A Survey of Botnet Detection Techniques by Command and Control Infrastructure. The Journal of Digital Forensics, Security and Law, vol. 10, pp. 7–26 (2015). doi:10.15394/JDFSL.2015.1195
Christian Borgelt. Frequent item set mining. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, vol. 2, pp. 437–456 (2012). doi:10.1002/WIDM.1074