Darknet Traffic Analysis and Classification Using Numerical AGM and Mean Shift Clustering Algorithm
作者: R. Niranjana , V. Anil Kumar , Shina Sheen
DOI: 10.1007/S42979-019-0016-X
关键词: SQL injection 、 Algorithm 、 The Internet 、 Traffic analysis 、 Internet Protocol 、 Attack patterns 、 Darknet 、 Cyberspace 、 Address space 、 Computer science
摘要: The cyberspace continues to evolve more complex than ever anticipated, and same is the case with security dynamics there. As our dependence on increasing day-by-day, regular systematic monitoring of has become very essential. A darknet one such framework for deducing malicious activities attack patterns in cyberspace. Darknet traffic spurious observed empty address space, i.e., a set globally valid Internet Protocol (IP) addresses which are not assigned any hosts or devices. In an ideal secure network system, no expected arrive IP space. However, reality, noticeable amount this space primarily due wide activities, attacks sometimes level misconfigurations. Analyzing finding distinct present them can be potential mechanism infer trends real network. paper, existing Basic Extended AGgregate Mode (AGM) data formats analysis studied efficient 29-tuple Numerical AGM format suitable analyzing source validated TCP connections (three-way handshake) proposed find using Mean Shift clustering algorithm. detected from clusters results providing traces various as Mirai bot, SQL attack, brute force. TCP, technique Cyber
springer.com
sci-hub.se 参考文章(21)
Edouard Lagache, Ryan Koga, Ken Keys, kc claffy, David Moore, Michael Tesch, The architecture of CoralReef: an Internet traffic monitoring software suite passive and active network measurement. ,(2001)
Alan Collins, Contemporary Security Studies ,(2010)
Monowar H. Bhuyan, D. K. Bhattacharyya, J. K. Kalita, Network Anomaly Detection: Methods, Systems and Tools IEEE Communications Surveys and Tutorials. ,vol. 16, pp. 303- 336 ,(2014) , 10.1109/SURV.2013.052213.00046
J. A. Hartigan, M. A. Wong, A K-Means Clustering Algorithm Journal of The Royal Statistical Society Series C-applied Statistics. ,vol. 28, pp. 100- 108 ,(1979) , 10.2307/2346830
Qian Wang, Zesheng Chen, Chao Chen, Darknet-Based Inference of Internet Worm Temporal Characteristics IEEE Transactions on Information Forensics and Security. ,vol. 6, pp. 1382- 1393 ,(2011) , 10.1109/TIFS.2011.2161288
Yizong Cheng, Mean shift, mode seeking, and clustering IEEE Transactions on Pattern Analysis and Machine Intelligence. ,vol. 17, pp. 790- 799 ,(1995) , 10.1109/34.400568
Felix Iglesias, Tanja Zseby, Modelling IP darkspace traffic by means of clustering techniques. communications and networking symposium. pp. 166- 174 ,(2014) , 10.1109/CNS.2014.6997483
H. Hotelling, Analysis of a complex of statistical variables into principal components. Journal of Educational Psychology. ,vol. 24, pp. 498- 520 ,(1933) , 10.1037/H0071325
Tian Zhang, Raghu Ramakrishnan, Miron Livny, BIRCH: an efficient data clustering method for very large databases international conference on management of data. ,vol. 25, pp. 103- 114 ,(1996) , 10.1145/233269.233324
Sudipto Guha, Rajeev Rastogi, Kyuseok Shim, CURE Proceedings of the 1998 ACM SIGMOD international conference on Management of data - SIGMOD '98. ,vol. 27, pp. 73- 84 ,(1998) , 10.1145/276304.276312