Adaptive DDoS-Event Detection from Big Darknet Traffic Data

Furutani, Nobuaki; Kitazono, Jun; Ozawa, Seiichi; Ban, Tao; Nakazato, Junji; Shimamura, Jumpei

doi:10.1007/978-3-319-26561-2_45

Cited by 4 publications

(3 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For instance, figures 3 shows a typical DDoS attack and a typical scanning activity. We discovered that a darknet traffic pattern can be successfully described by the following 17 features related to the statistics of darknet packets [22]:…”

Section: Case Study: Darknet Analysis To Capture Malicious Cyber-attamentioning

confidence: 99%

Computational Intelligence in the Time of Cyber-Physical Systems and the Internet of Things

Alippi

Ozawa

2019

Artificial Intelligence in the Age of Neural Networks and Brain Computing

Self Cite

View full text Add to dashboard Cite

The emergence of non-trivial embedded sensor units and cyberphysical systems and the Internet of Things has made possible the design and implementation of sophisticated applications where large amounts of real-time data are collected, possibly to constitute a big data picture as time passes. Within this framework, intelligence mechanisms based on machine learning, neural networks and brain computing approaches play a key role to provide systems with advanced functionalities. Intelligent mechanisms are needed to guarantee appropriate performances within an evolving, time variant environment, optimally harvest the available and manage the residual energy, reduce the energy consumption of the whole system, identify and mitigate occurrence of faults, provide shields against cyber-attacks. The chapter introduces the above aspects of intelligence, whose functionalities are needed to boost the next generation of cyber-physical and Internet of Things applications, smart world generation whose footprint is already around us.

show abstract

Section: Case Study: Darknet Analysis To Capture Malicious Cyber-attamentioning

confidence: 99%

Computational Intelligence in the Time of Cyber-Physical Systems and the Internet of Things

Alippi

Ozawa

2019

Artificial Intelligence in the Age of Neural Networks and Brain Computing

Self Cite

View full text Add to dashboard Cite

show abstract

“…[17]. Reference [14] discussed adaptive detection for DDoS event in darknet traffic. Reference [2] provided a longitudinal examination of scanning activities observed over 12.5 years.…”

Section: Related Workmentioning

confidence: 99%

“…The output types of iatmon (iatmon Src Type #) indicate: (0) TCP port scan; (1) UDP port scan; (2) TCP network scan; (3) UDP network scan; (4) ICMP only; (5) TCP one flow; (6) UDP one flow; (7) Backscatter; (8) 1 or 2 packets; (9) both TCP and UDP; (10) TCP unknown; (11) UDP unknown; (12) µTorrent; (13) Conficker P2P; (14) Unclassified. The numbers separated by the slash "/" in each cell represent the number of sources labeled by both the taxonomy and iatmon in dataset I and II, respectively.…”

Section: Comparison With Iatmonmentioning

confidence: 99%

An Evaluation of Darknet Traffic Taxonomy

Fukuda

2018

Journal of Information Processing

View full text Add to dashboard Cite

Abstract:To enhance Internet security, researchers have largely emphasized diverse cyberspace monitoring approaches to observe cyber attacks and anomalies. Among them darknet provides an effective passive monitoring one. Darknets refer to the globally routable but still unused IP address spaces. They are often used to monitor unexpected incoming network traffic, and serve as an effective network traffic measurement approach for viewing certain remote network security activities. Previous works in this field discussed possible causes (i.e., anomalies) of darknet traffic and applied their classification schemes on short-term traces. Our interest lies, however, in how darknet traffic has evolved and the effectiveness of a darknet traffic taxonomy for longitudinal data. To reach these goals, we propose a simple darknet traffic taxonomy based on network traffic rules, and evaluate it with two darknet traces: one covering 12 years since 2006, while the other covering 11 years since 2007. The evaluation results reveal the effectiveness of this taxonomy: we are able to label over 94% of all source IPs with anomalies defined by the taxonomy, leaving the unlabeled source ratio low. We also examine the evolution of different anomalies since 2006 (especially in recent years), analyze the temporal and spatial dependency and parameter dependency of darknet traffic, and conclude that most sources in the datasets are characterized by just one or two anamalies with simple attack mechanisms. Moreover, we compare the taxonomy with a one-way traffic analysis tool (i.e., iatmon) to better understand their differences.

show abstract