A model of analyzing cyber threats trend and tracing potential attackers based on darknet traffic

Security and Communication Networks

Volumn 7, Issue 10, 2014, Pages 1612-1621

  Choi, Sang soo ^a   Song, Jungsuk ^a   Kim, Seokhun ^b   Kim, Sookyun ^c  

^a Korea Institute of Science and Technology Information (KISTI)   (South Korea)

^b Suwon Women's University   (South Korea)

^c PaiChai University   (South Korea)

Author keywords

Cyber threats trend; Darknet; Tracing potential attackers

Indexed keywords

CODES (SYMBOLS);

CYBER THREATS; DARKNET; MALICIOUS ACTIVITIES; MALICIOUS ATTACK; SECURITY MONITORING; SECURITY VULNERABILITIES; STATISTICAL INFORMATION; TRACING POTENTIAL ATTACKERS;

NETWORK SECURITY;

EID: 84908162673     PISSN: 19390114     EISSN: 19390122     Source Type: Journal    
DOI: 10.1002/sec.796     Document Type: Article

References (35)

1. Denning DE. An intrusion detection model. IEEE Transactions on Software Engineering 1987; SE-13:222-232.
2. Julisch K. Clustering intrusion detection alarms to support root cause analysis. ACM Transactions on Information and System Security ACM Press, 2003; 6(4): 443-471.
3. Manganaris S, Christensen M, Zerkle D, Hermiz K. A Data Mining Analysis of RTID Alarms, Computer Networks, 34(4), Elsevier North-Holland, Inc: Amsterdam, 2000; 571-577.
4. Yu D, Frincke D. A novel framework for alert correlation and understanding, Proc. on ACNS 2004, LNCS 3089, 2004; 452-466.
5. Humphrey WN, Luo J. Using alert cluster to reduce IDS alerts, ICCIT2010, IEEE, 2010; 467-471.
6. Fu X, Shi J, Xie L. A novel data mining-based method for alert reduction and analysis. Journal of Networks 2010; 5(1):88-97.
7. Alharby A, Imai H. IDS false alarm reduction using continuous and discontinuous patterns, Proceedings of ACNS 2005, LNCS, 2005; 192-205.
8. Kwok HL, Lam FK. IDS false alarm filtering using KNN classifier, 5th International Workshop, WISA 2004, LNCS, 2004; 114-121.
9. Pietraszek T. Using adaptive alert classification to reduce false positives in intrusion detection, 7th International Symposium RAID 2004, LNCS, 2004; 102-124.
10. Bass T. Intrusion detection systems and multisensor data fusion. In Communications of the ACM, ACM Press: New York, NY, USA, 2000; 99-105.
11. Giacinto G, Perdisci R, Roli F. Alarm clustering for intrusion detection systems in computer networks, MLDM 2005, LNAI 3587, 2005; 184-193.
12. Treinen JJ, Thurimella R. A framework for the application of association rule mining in large intrusion detection infrastructures, RAID 2006, LNCS 4219, 2006; 1-18.
13. Portnoy L, Eskin E, Stolfo S. Intrusion detection with unlabeled data using clustering, In Proceedings of ACM CSS Workshop on Data Mining Applied to Security, ACM: Philadelphia, PA; USA, 2001.
14. Eskin E, Arnold A, Prerau M, Portnoy L, Stolfo S. A geometric framework for unsupervised anomaly detection: intrusion detection in unlabeled data, In Applications of Data Mining in Computer Security, Kluwer Academic: Boston; 2002.
15. Guan Y, Ghorbani A, Belacel N. Y-means: a clustering method for intrusion detection, In IEEE Canadian Conference on Electrical and Computer Engineering, Proceedings, 2003.
16. Li KL, Huang HK, Tian SF, Xu W. Improving one-class SVM for anomaly detection. International Conference on Machine Learning and Cybernetics 2003; 5:3077-3081.
17. Leung K, Leckie C. Unsupervised anomaly detection in network intrusion detection using clusters, ACSC2005, 2005.
18. Song J, Ohira K, Takakura H, Okabe Y, Kwon Y. A clustering method for improving performance of anomaly-based intrusion detection system. IEICE Transactions on Information and Communication System Security 2008; E91-D(5):1282-1291.
19. Song J, Takakura H, Kwon Y. A generalized feature extraction scheme to detect 0-day attacks via IDS alerts, The 2008 International Symposium on Applications and the Internet (SAINT2008), The IEEE CS Press, July - 1 Aug. 2008; 28: 51-56.
20. Lazarevic A, Ertoz L, Kumar V, Ozgur A, Srivastava J. A comparative study of anomaly detection schemes in network intrusion detection, In Proceedings of the Third SIAM International Conference on Data Mining, 2003.
21. Reza S, Ali A, Ghorbani A. Comparative study of unsupervised machine learning and data mining techniques for intrusion detection, MLDM 2007, LNAI 4571, 2007; 404-418.
22. Lance S. Honeypots: Tracking Hackers. Addison-Wesley, 2003.
23. The Honeynet Project, http://www.honeynet.org/.
24. Leita C, Mermoud K, Dacier M. Scriptgen: an automated script generation tool for honeyd, In Proceedings of the 21st Annual Computer Security Applications Conference, 2005.
25. Song J, Takakura H, Yasuo O. Cooperation of intelligent honeypots to detect unknown malicious codes, WISTDCS 2008, IEEE CS Press, 2008; 31-39.
26. HoneyTrap, http://honeytrap.mwcollect.org/.
27. Bailey M, Cooke E, Jahanian F, Nazario J, Watson D. The internet motion sensor: a distributed blackhole monitoring system, In Proceedings of the 12th ISOC Symposium on Network and Distributed Systems Security (NDSS), Citeseer, 2005; 167-179.
28. Moore D, Shannon C, Voelker GM, Savage S. Network telescopes, technical report. CAIDA, April 2004.
29. Bailey M, Cooke E, Jahanian F, Myrick A, Sinha S. Practical darknet measurement, In Information Sciences and Systems, 2006 40th Annual Conference, IEEE, 2007; 1496-1501.
30. Nakao K, Inoue D, Eto M, Yoshioka K. Practical correlation analysis between scan and malware profiles against zero-day attacks based on darknet monitoring. IEICE Transactions on Information and Systems 2009; 92(5):787-798.
31. Masashi E, Daisuke I, Song J, Junji N, Kazuhiro O, Nakao K. nicter: a large-scale network incident analysis system. In Workshop on development of large scale security-related data collection and analysis initiatives (BADGERS 2011), ACM: Salzburg, Austria, 10-13 April 2011; 37-45.
32. Choi SS, Kim SH, Park HS. An advanced security monitoring and response framework using darknet traffic, 2012 International Workshop on INFORMATION & SECURITY, 2012; 9-10.
33. Choi SS, Song JS, Park HS, Choi JK. An advanced incident response framework based on suspicious traffic. The Journal of Future Game Technology 2012; 2(2):171-176.
34. Choi SS, Kim SH, Park HS. A fusion framework of IDS alerts and darknet traffic for effective incident monitoring and response, Applied Mathematics & Information Sciences 2013.
35. Song J, Choi J, Choi S. A malware collection and Analysis framework based on darknet traffic, ICONIP2012, LNCS, 2012; 624-631.