Along with the proliferation of IoT (Internet of Things) devices, cyberattacks against these devices are on the rise. In this paper, we present a study on applying Association Rule Learning (ARL) to discover the regularities of these attacks from the big stream data collected on a large-scale darknet. By exploring the regularities in IoT-related indicators such as destination ports, type of service (ToS), and TCP window sizes, we succeeded in discovering the activities of attacking hosts associated with well-known classes of malware programs. As a case study, we report an interesting observation of the attack campaigns before and after the first source code release of the well-known IoT malware Mirai. The experiments show that the proposed scheme is effective and efficient in the early detection and tracking of activities of new malware on the Internet and hence offers a promising approach to automate and accelerate the identification and mitigation of new cyber threats.
We have been developing the Network Incident analysis Center for Tactical Emergency Response (nicter), whose present focus is on detecting and identifying propagating malware such as worms, viruses, and bots. The nicter presently monitors a darknet, a set of unused IP addresses, to observe macroscopic trends of network threats. Meanwhile, it keeps capturing and analyzing malware executables in the wild for microscopic analysis. Finally, these macroscopic and microscopic analysis results are correlated in order to identify the root cause of the detected network threats. This paper gives a brief overview of the nicter and its possible contributions to the Worldwide Observatory of Malicious Behavior and Attack Tools (WOMBAT).
In this work, we propose a method to discriminate backscatter caused by DDoS attacks from normal traffic. Since DDoS attacks are imminent threats which could cause serious economic damage to private companies and public organizations, it is quite important to detect DDoS backscatter as early as possible. To do this, 11 features of port/IP information are defined for network packets which are sent within a short time, and these features of packet traffic are classified by a Support Vector Machine (SVM). In the experiments, we use TCP packets for the evaluation because they include control flags (e.g. SYN-ACK, RST-ACK, RST, ACK) which can give label information (i.e. backscatter or non-backscatter). We confirm that the proposed method can discriminate DDoS backscatter correctly from unknown darknet TCP packets with more than 90% accuracy.
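The flag-based labelling and the per-source port/IP feature extraction this abstract describes, as an added Python example that is not the paper's code; the packet records, the time window and the feature names are constructed assumptions for illustration, not the paper's 11 features.

```python
from collections import Counter
from math import log2

# Constructed darknet TCP packet records (sample data for this example, not the
# paper's dataset): (time_s, src_ip, src_port, dst_ip, dst_port, flags)
PACKETS = [
    # A web server replying to spoofed sources: fixed src port, varied dst IPs/ports
    (0.0, "198.51.100.7", 80, "203.0.113.10", 40321, "SA"),
    (0.2, "198.51.100.7", 80, "203.0.113.55", 51873, "SA"),
    (0.5, "198.51.100.7", 80, "203.0.113.200", 60412, "SA"),
    (0.9, "198.51.100.7", 80, "203.0.113.31", 33001, "RA"),
    # A host scanning the darknet: varied src ports, (almost) fixed dst port
    (0.1, "192.0.2.9", 45211, "203.0.113.10", 23, "S"),
    (0.3, "192.0.2.9", 45212, "203.0.113.11", 23, "S"),
    (0.6, "192.0.2.9", 45213, "203.0.113.12", 23, "S"),
    (0.8, "192.0.2.9", 45214, "203.0.113.13", 2323, "S"),
]

# Control-flag combinations a flooded victim sends back to the spoofed sources
# (S=SYN, A=ACK, R=RST); the abstract uses these to label a packet as backscatter.
BACKSCATTER_FLAGS = {"SA", "RA", "R", "A"}


def label_packet(flags):
    """Label one darknet TCP packet from its control flags."""
    return "backscatter" if flags in BACKSCATTER_FLAGS else "non-backscatter"


def entropy_bits(values):
    """Shannon entropy (bits) of a field's value distribution; 0.0 for a constant field."""
    counts = Counter(values)
    total = sum(counts.values())
    return -sum(c / total * log2(c / total) for c in counts.values())


def extract_features(packets, src_ip, t0, window_s):
    """Summarise port/IP information for one source over a short time window (assumed feature set)."""
    sel = [p for p in packets if p[1] == src_ip and t0 <= p[0] < t0 + window_s]
    if not sel:
        return {"n_packets": 0}
    src_ports = [p[2] for p in sel]
    dst_ports = [p[4] for p in sel]
    labels = Counter(label_packet(p[5]) for p in sel)
    return {
        "n_packets": len(sel),
        "n_dst_ips": len({p[3] for p in sel}),
        "n_src_ports": len(set(src_ports)),
        "n_dst_ports": len(set(dst_ports)),
        "src_port_entropy": entropy_bits(src_ports),
        "dst_port_entropy": entropy_bits(dst_ports),
        # A victim replies from its well-known service port; scanners use ephemeral ports
        "well_known_src_ratio": sum(p < 1024 for p in src_ports) / len(sel),
        "label": labels.most_common(1)[0][0],  # flag-derived label for training
    }
```

In the constructed data the backscatter source shows one source port and many destination IPs/ports, the scanner the reverse; these per-window vectors with their flag-derived labels are the kind of input an SVM would be trained on.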