Investigating the dark cyberspace: Profiling, threat-based analysis and correlation

Authors: Claude Fachkha, Elias Bou-Harb, Amine Boukhtouta, Son Dinh, Farkhund Iqbal

DOI: 10.1109/CRISIS.2012.6378947

Keywords:

Abstract: An effective approach to gather cyber threat intelligence is to collect and analyze traffic destined to unused Internet addresses known as darknets. In this paper, we elaborate on such capability by profiling darknet data. Such information could generate indicators of cyber threat activity as well as providing in-depth understanding of the nature of its traffic. Particularly, we analyze darknet packets distribution, its used transport, network and application layer protocols, and pinpoint its resolved domain names. Furthermore, we identify its IP classes and destination ports as well as geo-locate its source countries. We further investigate darknet-triggered threats. The aim is to explore darknet embedded threats and categorize their severities. Finally, we contribute by exploring the inter-correlation of such threats, by applying association rule mining techniques, to build threat association rules. Specifically, we generate clusters of threats that co-occur targeting a specific victim. Such work proves that specific darknet threats are correlated. Moreover, it provides insights about threat patterns and allows the interpretation of threat scenarios.
