Publication detail

Behavior Based Darknet Traffic Decomposition for Malicious Events Identification

ZHANG, R.; ZHU, L.; LI, X.; PANG, S.; SARRAFZADEH, A.; KOMOSNÝ, D.

Original Title

Behavior Based Darknet Traffic Decomposition for Malicious Events Identification

English Title

Behavior Based Darknet Traffic Decomposition for Malicious Events Identification

Type

conference paper

Language

en

Original Abstract

This paper proposes a host (corresponding to a source IP) behavior-based traffic decomposition approach to identify groups of malicious events from massive historical darknet traffic. In our approach, we segmented and extracted traffic flows from captured darknet data, and categorized flows according to a set of rules summarized from host behavior observations. Finally, significant events are appraised by three criteria: a) the activities within each group should be highly alike; b) the activities should have enough significance in terms of scan scale; and c) the group should be large enough. We applied the approach to a selection of twelve months of darknet traffic data for malicious events detection, and the performance of the proposed method has been evaluated.

English abstract

This paper proposes a host (corresponding to a source IP) behavior-based traffic decomposition approach to identify groups of malicious events from massive historical darknet traffic. In our approach, we segmented and extracted traffic flows from captured darknet data, and categorized flows according to a set of rules summarized from host behavior observations. Finally, significant events are appraised by three criteria: a) the activities within each group should be highly alike; b) the activities should have enough significance in terms of scan scale; and c) the group should be large enough. We applied the approach to a selection of twelve months of darknet traffic data for malicious events detection, and the performance of the proposed method has been evaluated.

Keywords

Internet; Darknet; DDoS; Malicious; Events

Released

09.11.2015

ISBN

978-3-319-26555-1

Book

Neural Information Processing: 22nd International Conference, ICONIP 2015

Pages from

251

Pages to

260

Pages count

10

BibTex

@inproceedings{BUT141093,
  author="Ruibin {ZHANG} and Lei {ZHU} and Xiaosong {LI} and Shaoning {Pang} and Abdolhossein {SARRAFZADEH} and Dan {Komosný}",
  title="Behavior Based Darknet Traffic Decomposition for Malicious Events Identification",
  annote="This paper proposes a host (corresponding to a source IP) behavior-based traffic decomposition approach to identify groups of malicious events from massive historical darknet traffic. In our approach, we segmented and extracted traffic flows from captured darknet data, and categorized flows according to a set of rules summarized from host behavior observations. Finally, significant events are appraised by three criteria: a) the activities within each group should be highly alike; b) the activities should have enough significance in terms of scan scale; and c) the group should be large enough. We applied the approach to a selection of twelve months of darknet traffic data for malicious events detection, and the performance of the proposed method has been evaluated.",
  booktitle="Neural Information Processing: 22nd International Conference, ICONIP 2015",
  chapter="141093",
  howpublished="online",
  year="2015",
  month="november",
  pages="251--260",
  type="conference paper"
}