Investigating the dark cyberspace: Profiling, threat-based analysis and correlation

7th International Conference on Risks and Security of Internet and Systems, CRiSIS 2012

Volumn , Issue , 2012, Pages

  Fachkha, Claude ^a   Bou Harb, Elias ^a   Boukhtouta, Amine ^a   Dinh, Son ^a   Iqbal, Farkhund ^a   Debbabi, Mourad ^a  

^a Concordia University ^*  (Canada)

Author keywords

[No Author keywords available]

Indexed keywords

APPLICATION LAYER PROTOCOLS; CYBER THREATS; CYBERSPACES; DARKNET; DOMAIN NAMES; IN-DEPTH UNDERSTANDING; IP CLASS; RULE MINING TECHNIQUES; THREAT SCENARIOS;

INTERNET; INTERNET PROTOCOLS; NETWORK LAYERS;

SECURITY OF DATA;

EID: 84872083809     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CRISIS.2012.6378947     Document Type: Conference Paper

References (30)

1. Stephen Hinde. The law, cybercrime, risk assessment and cyber protection. Computers & Security, pages 90-95, 2003.
2. Public Safety Canada. Canada's Cyber Security Strategy, 2009. Available at: http://www.publicsafety.gc.ca/prg/ns/cbr/-fl/ccss-scc-eng.pdf.
3. Niels Provos. A virtual honeypot framework. In Proceedings of the 13th conference on USENIX Security Symposium - Volume 13, SSYM'04, pages 1-1, Berkeley, CA, USA, 2004. USENIX Association.
4. David Moore, Colleen Shannon, Geoffrey M. Voelker, and Stefan Savage. Network telescopes: Technical report. pages 1-14, 2004.
5. Michael Bailey, Evan Cooke, Farnam Jahanian, Jose Nazario, and David Watson. The Internet motion sensor: A distributed blackhole monitoring system. In Proceedings of Network and Distributed System Security Symposium (NDSS'05), pages 1-13, San Diego, CA, February 2005.
6. Vinod Yegneswaran, Paul Barford, and Dave Plonka. On the design and use of internet sinks for network abuse monitoring. In Proceedings of the 7 th International Symposium on Recent Advances in Intrusion Detection (RAID, pages 146-165, 2004.
7. R. Pang, V. Yegneswaran, P. Barford, V. Paxson, and L. Peterson. Characteristics of internet background radiation. In Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, IMC '04, pages 27-40, New York, NY, USA, 2004. ACM.
8. Eric Wustrow, Manish Karir, Michael Bailey, Farnam Jahanian, and Geoff Huston. Internet background radiation revisited. In Proceedings of the 10th annual conference on Internet measurement, IMC '10, pages 62-74, New York, NY, USA, 2010. ACM.
9. K. Fukuda, L.A.N. Amaral, and H.E. Stanley. Dynamics of temporal correlation in daily internet traffic. In Global Telecommunications Conference, GLOBECOM. IEEE, December 2003.
10. D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver. Inside the slammer worm. Security Privacy, IEEE, 1(4):33-39, July-August 2003.
11. David Moore, Colleen Shannon, Douglas J. Brown, Geoffrey M. Voelker, and Stefan Savage. Inferring internet denial-of-service activity. ACM Transactions on Computer Systems, 24:115-139, May 2006.
12. Mark Allman, Vern Paxson, and Jeff Terrell. A brief history of scanning. In Proceedings of the 7th ACM SIGCOMM conference on Internet measurement, IMC '07, pages 77-82, New York, NY, USA, 2007. ACM.
13. K. Fukuda, T. Hirotsu, O. Akashi, and T. Sugawara. Correlation among piecewise unwanted traffic time series. In Global Telecommunications Conference, 2008. IEEE GLOBECOM 2008. IEEE, pages 1 -5, December 2008.
14. Eric Wustrow, Manish Karir, Michael Bailey, Farnam Jahanian, and Geoff Huston. Internet background radiation revisited. In Proceedings of the 10th annual conference on Internet measurement, IMC '10, pages 62-74, New York, NY, USA, 2010. ACM.
15. D. Sisalem, J. Kuthan, and S. Ehlert. Denial of service attacks targeting a SIP VoIP infrastructure: attack scenarios and prevention mechanisms. Network, IEEE, 20(5):26-31, September-October 2006.
16. APWG. Global phishing survey: Trends and domain name use in 2h2011.
17. Microsoft Security TechCenter. Microsoft security bulletin ms09-018 - critical. Available at: http://technet.microsoft.com/en-us/security/bulletin/ MS09-018.
18. Saumil Shah. Top ten web attacks. Available at: http://www.blackhat.com/ presentations/bh-asia-02/bh-asia-02-shah.pdf .
19. Learn Security Online. MS terminal service cracking. Available at: http://www.carnal0wnage.com/papers/lso-ms-terminal-server-cracking.pdf.
20. Snort. Available at: http://www.snort.org.
21. The bro network security monitor. http://bro-ids.org/, last accessed on December 2011.
22. A. Thomas. Rapid: Reputation based approach for improving intrusion detection effectiveness. In Information Assurance and Security (IAS), 2010 Sixth International Conference on, pages 118 -124, August 2010.
23. National Institute of Standards and Technology (NIST)-National Cyber-Alert System. Vulnerability summary for cve-2007-2931, 2011. Available at: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2931.
24. Sourcefire-Snort, 2011. Available at: http://www.snort.org/search/sid/ 587.
25. R. Agrawal, T. Imielinski, and A. Swami. Mining association rules between sets of items in large databases. ACM SIGMOD Record, 22(2):207-216, June 1993.
26. J. Han and J. Pei. Mining frequent patterns by pattern-growth: methodology and implications. ACM SIGKDD Explorations Newsletter, pages 14-20, December 2000.
27. M. J. Zaki. Scalable algorithms for association mining. IEEE Transactions of Knowledge and Data Engineering (TKDE), 12:372-390, 2000.
28. John D. Holt and Soon M. Chung. Efficient mining of association rules in text databases. In Proc. of the 8th ACM International Conference on Information and Knowledge Management (CIKM), pages 234-242, Kansas City, Missouri, United States, 1999.
29. Jiawei Han, Micheline Kamber, and Jian Pei. Data Mining: Concepts and Techniques (The Morgan Kaufmann Series in Data Management Systems). Morgan Kaufmann, 2nd edition, January 2006.
30. Mark A. Hall Ian H. Witten, Eibe Frank. Data Mining: Practical Machine Learning Tools and Techniques. Morgan Kaufmann, Third edition, January 2011.