Practical in-depth analysis of ids alerts for tracing and identifying potential attackers on darknet

Sustainability (Switzerland)

Volumn 9, Issue 2, 2017, Pages

  Song, Jungsuk ^a   Lee, Younsu ^a   Choi, Jang Won ^a   Gil, Joon Min ^b   Han, Jaekyung ^c   Choi, Sang Soo ^a  

^a Korea Institute of Science and Technology Information (KISTI)   (South Korea)

^b Catholic University of Daegu   (South Korea)

^c Kwangwoon University   (South Korea)

Author keywords

Darknet traffic; IDS alerts; In depth analysis; Potential attackers

Indexed keywords

DATA MANAGEMENT; EXPERIMENTAL STUDY; SOFTWARE; TREND ANALYSIS; WORLD WIDE WEB;

KOREA;

EID: 85013466843     PISSN: None     EISSN: 20711050     Source Type: Journal    
DOI: 10.3390/su9020262     Document Type: Article

References (28)

1. Choi, S.; Kim, S.; Park, H. An Advanced Security Monitoring and Response Framework Using Darknet Traffic. In Proceedings of the 2012 International Workshop on Information & Security, Tenerife, Spain, 2-5 December 2012; pp. 9-10.
2. Choi, S.; Song, J.; Park, H.; Choi, J. An Advanced Incident Response Framework Based on Suspicious Traffic. J. Future Game Technol. 2012, 2, 171-176.
3. Denning, D.E. An intrusion detection model. IEEE Trans. Softw. Eng. 1987, 2, 222-232.
4. Lina, W.C.; Keb, S.W.; Tsai, C.F. CANN: An intrusion detection system based on combining cluster centers and nearest neighbors. Knowl.-Based Syst. 2015, 78, 13-21.
5. Kuanga, F.; Xua, W.; Zhang, S. A novel hybrid KPCA and SVM with GA model for intrusion detection. Appl. Soft Comput. 2014, 18, 178-184.
6. Elhaga, S.; Fernándezb, A.; Bawakidc, A.; Alshomranic, S.; Herrera, F. On the combination of genetic fuzzy systems and pairwise learning for improving detection rates on Intrusion Detection Systems. Expert Syst. Appl. 2015, 42, 193-202.
7. Hu, W.; Gao, J.; Wang, Y.; Wu, O.; Maybank, S. Online Adaboost-Based Parameterized Methods for Dynamic Distributed Network Intrusion Detection. IEEE Trans. Cybern. 2014, 44, 66-82.
8. El-Semary, A.M.; Mostafa, M.G.M. Distributed and Scalable Intrusion Detection System Based on Agents and Intelligent Techniques. J. Inf. Process. Syst. 2010, 6, 481-500.
9. Kim, B.J.; Kim, I.K. Robust Real-Time Intrusion Detection System. J. Inf. Process. Syst. 2005, 1, 9-13.
10. Ponomarchuk, Y.; Seo, D. Intrusion Detection based on Traffic Analysis and Fuzzy Inference System in Wireless Sensor Networks. J. Converg. 2010, 1, 35-42.
11. Jingle, I.D.J.; Rajsingh, E.B. ColShield: An effective and collaborative protection shield for the detection and prevention of collaborative flooding of DDoS attacks in wireless mesh networks. Hum.-Centric Comput. Inf. Sci. 2014, 4, 1-19.
12. Song, J.; Takakura, H.; Kwon, Y. A Generalized Feature Extraction Scheme to Detect 0-Day Attacks via IDS Alerts. In Proceedings of the International Symposium on Applications and the Internet, Turku, Finland, 28 July-1 August 2008; The IEEE CS Press: Washington, DC, USA, 2008; pp. 51-56.
13. Choi, S.; Song, J.; Kim, S.; Kim, S. A model of analyzing cyber threats trend and tracing potential attackers based on darknet traffic. Secur. Commun. Netw. 2014, 7, 1612-1621.
14. Song, J.; Lee, Y.; Choi, J.; Gil, J.; Choi, S. An In-Depth Analysis Methodology of IDS Alerts for Identifying Potential Cyber Threats on Darknet. In Proceedings of the International Conference on Future Information Technology, Applications and Services, Seoul, Korea, 20-22 October 2016; pp. 35-37.
15. TMS (Threat Management System). Available online: http://www.kornicglory.co.kr/default/product/security/solution/tess_tms.php (accessed on 10 February 2017).
16. SNORT. Available online: https://www.snort.org (accessed on 10 February 2017).
17. Nakao, K.; Inoue, D.; Eto, M.; Yoshioka, K. Practical Correlation Analysis between Scan and Malware Profiles against Zero-Day Attacks Based on Darknet Monitoring. IEICE Trans. Inf. Syst. 2009, 92, 787-798.
18. Eto, M.; Inoue, D.; Song, J.; Nakazato, J.; Ohtaka, K.; Nakao, K. nicter: A Large-Scale Network Incident Analysis System. In Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, Salzburg, Austria, 10 April 2011; ACM: New York, NY, USA, 2011; pp. 37-45.
19. Ban, T.; Eto, M.; Guo, S.; Inoue, D.; Nakao, K.; Huang, R. A Study on Association Rule Mining of Darknet Big Data. In Proceedings of the 2015 International Joint Conference on Neural Networks (IJCNN), Killarney, Ireland, 12-17 July 2015.
20. Bailey, M.; Cooke, E.; Jahanian, F.; Nazario, J.; Watson, D. The Internet Motion Sensor: A distributed blackhole monitoring system. In Proceedings of the 12th ISOC Symposium on Network and Distributed Systems Security, San Diego, CA, USA, 3-4 February 2005; pp. 67-179.
21. Moore, D.; Shannon, C.; Voelker, G.M.; Savage, S. Network Telescopes: Technical Report. 2004. Available online: http://ants.iis.sinica.edu.tw/3bkmj9ltewxtsrrvnoknfdxrm3zfwrr/17/tr-2004-04.pdf (accessed on 10 February 2017).
22. Bailey, M.; Cooke, E.; Jahanian, F.; Myrick, A.; Sinha, S. Practical darknet measurement. In Proceedings of the 2006 40th Annual Conference on Information Sciences and Systems, Princeton, NJ, USA, 22-24 March 2006.
23. Fachkha, C.; Bou-Harb, E.; Debbabi, M. Inferring distributed reflection denial of service attacks from darknet. Comput. Commun. 2015, 62, 59-71.
24. Bhanu, S.; Khilari, G.; Kumar, V. Analysis of SSH attacks of Darknet using Honeypots. Int. J. Eng. Dev. Res. 2014, 3, 348-350.
25. Furutani, N.; Ban, T.; Nakazato, J.; Shimamura, J.; Kitazono, J.; Ozawa, S. Detection of DDoS Backscatter Based on Traffic Features of Darknet TCP Packets. In Proceedings of the 9th Asia Joint Conference on Information Security, Wuhan, China, 3-5 September 2014.
26. Pang, S.; Komosny D.; Zhu, L.; Zhang, R.; Sarrafzadeh, A.; Ban, T.; Inoue, D. Malicious Events Grouping via Behavior Based Darknet Traffic Flow Analysis. Wirel. Pers. Commun. 2016, doi:10.1007/s11277-016-3744-4.
27. Liu, J.; Fukuda, K. Towards a taxonomy of darknet traffic. In Proceedings of the International Wireless Communications and Mobile Computing Conference, Nicosia, Cyprus, 4-8 August 2014.
28. Virustotal. Available online: https://www.virustotal.com (accessed on 10 February 2017).