Behavior based darknet traffic decomposition for malicious events identification


Abstract

This paper proposes a host (corresponding to a source IP) behavior based traffic decomposition approach to identify groups of malicious events from massive historical darknet traffic. In our approach, we segmented and extracted traffic flows from captured darknet data, and categorized flows according to a set of rules that are summarized from host behavior observations. Finally, significant events are appraised by three criteria: (a) the activities within each group should be highly alike; (b) the activities should have enough significance in terms of scan scale; and (c) the group should be large enough. We applied the approach to a selection of twelve months of darknet traffic data for malicious events detection, and the performance of the proposed method has been evaluated.

Cite

Zhang, R., Zhu, L., Li, X., Pang, S., Sarrafzadeh, A., & Komosny, D. (2015). Behavior based darknet traffic decomposition for malicious events identification. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9491, pp. 251–260). Springer Verlag. https://doi.org/10.1007/978-3-319-26555-1_29
