Sensing the Noise: Uncovering Communities in Darknet Traffic

Authors: Francesca Soro, Mauro Allegretta, Marco Mellia, Idilio Drago, Leandro M. Bertholdo

DOI: 10.1109/MEDCOMNET49392.2020.9191555

Keywords:

Abstract: Darknets are ranges of IP addresses advertised without answering any traffic. help to uncover interesting network events, such as misconfigurations and scans. Interpreting darknet traffic helps against cyber-attacks – e.g., malware often reaches darknets when scanning the Internet for vulnerable devices. The reaching is however voluminous noisy, which calls efficient ways represent data highlight possibly important events. This paper evaluates a methodology summarize packets darknets. We activity graph, captures remote hosts contacting nodes ports, well frequency at each port reached. From these representations, we apply community detection algorithms in search patterns that could coordinated activity. By highlighting activities able group together, example, groups predominantly engage specific targets, or, vice versa, identify targets frequently contacted exploiting vulnerabilities given service. analyst can recognize from results, has been infected by botnet it currently services (e.g., SSH Telnet among most commonly targeted). Such piece information impossible obtain analyzing behavior single sources, or one one. All all, our work first step towards comprehensive aggregation automate analysis traffic, fundamental aspect recognition anomalous
