Behavior Analysis of Long-term Cyber Attacks in the Darknet

Darknet monitoring (passively recording traffic sent to unused address space) provides an effective way to counter cyber attacks that pose a significant threat to network security and management. This paper aims to characterize the behavior of long-term cyber attacks by mining darknet traffic collected by the NICTER project. Machine learning techniques such as clustering, classification and function regression are applied to the study, and promising results are reported.
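The abstract describes the pipeline only at a high level. The following is an added example, not code from the paper or from the NICTER project: it parses a constructed darknet packet log, aggregates per-source features (active days, span, distinct destination ports, packet volume), fits a least-squares trend to the daily packet count (the "function regression" step), and separates sources that keep coming back over many days from one-off sweeps. The input format, the IP addresses, the thresholds in `classify` and the rule-based labels are all assumptions standing in for the learned models the paper reports.

```python
"""Added example (not the paper's code): mine constructed darknet packet
records to pick out long-term sources and describe their behaviour.

Assumed input format (one packet per line): ISO timestamp,src_ip,dst_port,proto
All IPs, thresholds and rules below are illustrative assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta


def constructed_sample():
    """Constructed darknet log: three sources with distinct behaviours."""
    lines = []
    # 198.51.100.7: hits 445/tcp every day for ten days, volume rising by 2/day
    for d in range(10):
        for m in range(5 + 2 * d):
            lines.append(f"2012-03-{d + 1:02d}T00:{m:02d}:00,198.51.100.7,445,tcp")
    # 203.0.113.9: one-day sweep of ten ports (a burst scan, not long-term)
    for i, port in enumerate((21, 22, 23, 25, 80, 110, 135, 139, 443, 445)):
        lines.append(f"2012-03-03T12:{i:02d}:00,203.0.113.9,{port},tcp")
    # 192.0.2.55: 3389/tcp on days 1, 4 and 8 only, three packets each time
    for d in (1, 4, 8):
        for m in range(3):
            lines.append(f"2012-03-{d:02d}T06:{m:02d}:00,192.0.2.55,3389,tcp")
    return lines


def parse_records(lines):
    """Parse 'timestamp,src,port,proto' lines into (date, src, port, proto)."""
    recs = []
    for line in lines:
        ts, src, port, proto = line.strip().split(",")
        recs.append((datetime.fromisoformat(ts).date(), src, int(port), proto))
    return recs


def daily_trend(series):
    """Least-squares slope of packets/day over the span (0.0 if span < 2)."""
    n = len(series)
    if n < 2:
        return 0.0
    xm = (n - 1) / 2
    ym = sum(series) / n
    num = sum((i - xm) * (y - ym) for i, y in enumerate(series))
    den = sum((i - xm) ** 2 for i in range(n))
    return num / den


def per_source_features(records):
    """Aggregate packets per source into the features the classifier uses."""
    daily = defaultdict(lambda: defaultdict(int))   # src -> date -> packets
    ports = defaultdict(set)                        # src -> destination ports
    for day, src, port, _proto in records:
        daily[src][day] += 1
        ports[src].add(port)
    feats = {}
    for src, counts in daily.items():
        first, last = min(counts), max(counts)
        span = (last - first).days + 1
        # Daily series over the whole span; silent days count as zero.
        series = [counts.get(first + timedelta(days=i), 0) for i in range(span)]
        feats[src] = {
            "active_days": len(counts),
            "span_days": span,
            "distinct_ports": len(ports[src]),
            "packets": sum(series),
            "trend": daily_trend(series),
        }
    return feats


def classify(f, min_active_days=5, min_span_days=7):
    """Rule-based stand-in for a learned classifier (thresholds are assumed)."""
    if f["active_days"] >= min_active_days and f["span_days"] >= min_span_days:
        return "long-term"
    if f["distinct_ports"] >= 5 and f["span_days"] <= 1:
        return "burst-scan"
    return "sporadic"


def analyse(lines):
    """Full pipeline: parse -> per-source features -> label per source."""
    feats = per_source_features(parse_records(lines))
    return {src: dict(f, label=classify(f)) for src, f in feats.items()}


if __name__ == "__main__":
    for src, f in sorted(analyse(constructed_sample()).items()):
        print(f"{src:14} {f['label']:10} days={f['active_days']}/{f['span_days']} "
              f"ports={f['distinct_ports']} pkts={f['packets']} "
              f"trend={f['trend']:+.2f}/day")
```

On the constructed log, 198.51.100.7 comes out as long-term with a trend of +2 packets/day, 203.0.113.9 as a burst scan, and 192.0.2.55 as sporadic. On a real darknet feed the same per-source series would be fed to a clustering or SVM stage rather than to hand-written thresholds; the point of the example is the feature extraction that any such stage needs.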
