DANTE: A Framework for Mining and Monitoring Darknet Traffic

Cited by: 11
Authors
Cohen, Dvir [1]
Mirsky, Yisroel [1,2]
Kamp, Manuel [3]
Martin, Tobias [3]
Elovici, Yuval [1]
Puzis, Rami [1]
Shabtai, Asaf [1]
Affiliations
[1] Ben Gurion Univ Negev, Dept Software & Informat Syst Engn, Beer Sheva, Israel
[2] Georgia Inst Technol, Atlanta, GA 30332 USA
[3] Deutsch Telekom Secur GmbH, Bonn, Germany
Source
COMPUTER SECURITY - ESORICS 2020, PT I | 2020 / Vol. 12308
Keywords
Darknet; Blackhole; Machine learning; Port embedding;
DOI
10.1007/978-3-030-58951-6_5
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Discipline classification code
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Trillions of network packets are sent over the Internet to destinations which do not exist. This 'darknet' traffic captures the activity of botnets and other malicious campaigns aiming to discover and compromise devices around the world. In this paper, we present DANTE: a framework and algorithm for mining darknet traffic. DANTE learns the meaning of targeted network ports by applying Word2Vec to observed port sequences. To detect recurring behaviors and new emerging threats, DANTE uses a novel and incremental time-series cluster tracking algorithm on the observed sequences. To evaluate the system, we ran DANTE on a full year of darknet traffic (over three terabytes) collected by the largest telecommunications provider in Europe, Deutsche Telekom, and analyzed the results. DANTE discovered 1,177 new emerging threats and was able to track malicious campaigns over time.
Pages: 88 - 109
Page count: 22