Large-scale monitoring for cyber attacks by using cluster information on darknet traffic features

1Citations
Citations of this article
48Readers
Mendeley users who have this article in their library.

Abstract

This paper presents a machine learning approach to large-scale monitoring for malicious activities on Internet. In the proposed system, network packets sent from a subnet to a darknet (i.e., a set of unused IPs) are collected, and they are transformed into 27-dimensional TAP (Traffic Analysis Profile) feature vectors. Then, a hierarchical clustering is performed to obtain clusters for typical malicious behaviors. In the monitoring phase, the malicious activities in a subnet are estimated from the closest TAP feature cluster. Then, such TAP feature clusters for all subnets are visualized on the proposed monitoring system in real time. In the experiment, we use a big data set of 303,733,994 darknet packs collected from February 1st to February 28th, 2014 (28 days) for monitoring. As a result, we can successfully detect an indication of the pandemic of a new malware, which attacked to the vulnerability of Synology NAS (port 5,000/TCP).

Cite

CITATION STYLE

APA

Nishikaze, H., Ozawa, S., Kitazono, J., Ban, T., Nakazato, J., & Shimamura, J. (2015). Large-scale monitoring for cyber attacks by using cluster information on darknet traffic features. In Procedia Computer Science (Vol. 53, pp. 175–182). Elsevier B.V. https://doi.org/10.1016/j.procs.2015.07.292

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free