Abstract | ||
---|---|---|
This paper proposes a host (corresponding to a source IP) behavior based traffic decomposition approach to identify groups of malicious events from massive historical darknet traffic. In our approach, we segmented and extracted traffic flows from captured darknet data, and categorized flows according to a set of rules that summarized from host behavior observations. Finally, significant events are appraised by three criteria: (a) the activities within each group should be highly alike; (b) the activities should have enough significance in terms of scan scale; and (c) the group should be large enough. We applied the approach on a selection of twelve months darknet traffic data for malicious events detection, and the performance of the proposed method has been evaluated. |
Year | DOI | Venue |
---|---|---|
2015 | 10.1007/978-3-319-26555-1_29 | Lecture Notes in Computer Science |
Field | DocType | Volume |
Computer science,Darknet,Computer security | Conference | 9491 |
ISSN | Citations | PageRank |
0302-9743 | 0 | 0.34 |
References | Authors | |
8 | 6 |
Name | Order | Citations | PageRank |
---|---|---|---|
Ruibin Zhang | 1 | 10 | 1.60 |
Lei Zhu | 2 | 6 | 2.21 |
Xiaosong Li | 3 | 5 | 2.88 |
Shaoning Pang | 4 | 711 | 52.69 |
Abdolhossein Sarrafzadeh | 5 | 134 | 22.64 |
Dan Komosny | 6 | 52 | 11.09 |