An Evaluation of Darknet Traffic Taxonomy
https://ipsj.ixsq.nii.ac.jp/records/185854
Name / File | License | Action |
---|---|---|
 | Copyright (c) 2018 by the Information Processing Society of Japan | |

Open access
Item type | Journal(1) |
---|---|
Date published | 2018-02-15 |
Title | An Evaluation of Darknet Traffic Taxonomy |
Title language | en |
Language | eng |
Subject scheme | Other |
Subject (keywords) | [Special Issue: Network Services and Distributed Processing] evaluation, taxonomy, darknet traffic, anomaly |
Resource type identifier | http://purl.org/coar/resource_type/c_6501 |
Resource type | journal article |
Author affiliation | The Graduate University for Advanced Studies |
Author affiliation | The Graduate University for Advanced Studies / National Institute of Informatics |
Author name | Jun, Liu; Kensuke, Fukuda |
Description type | Other |
Abstract | To enhance Internet security, researchers have largely emphasized diverse cyberspace monitoring approaches to observe cyber attacks and anomalies. Among them darknet provides an effective passive monitoring one. Darknets refer to the globally routable but still unused IP address spaces. They are often used to monitor unexpected incoming network traffic, and serve as an effective network traffic measurement approach for viewing certain remote network security activities. Previous works in this field discussed possible causes (i.e., anomalies) of darknet traffic and applied their classification schemes on short-term traces. Our interest lies, however, in how darknet traffic has evolved and the effectiveness of a darknet traffic taxonomy for longitudinal data. To reach these goals, we propose a simple darknet traffic taxonomy based on network traffic rules, and evaluate it with two darknet traces: one covering 12 years since 2006, while the other covering 11 years since 2007. The evaluation results reveal the effectiveness of this taxonomy: we are able to label over 94% of all source IPs with anomalies defined by the taxonomy, leaving the unlabeled source ratio low. We also examine the evolution of different anomalies since 2006 (especially in recent years), analyze the temporal and spatial dependency and parameter dependency of darknet traffic, and conclude that most sources in the datasets are characterized by just one or two anomalies with simple attack mechanisms. Moreover, we compare the taxonomy with a one-way traffic analysis tool (i.e., iatmon) to better understand their differences. This is a preprint of an article intended for publication in Journal of Information Processing (JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.26 (2018) (online) DOI http://dx.doi.org/10.2197/ipsjjip.26.148 |
Bibliographic record ID (NCID) | AN00116647 |
Bibliographic information | 情報処理学会論文誌 (IPSJ Journal), Vol. 59, No. 2, issue date 2018-02-15 |
ISSN | 1882-7764 |