Deep in the Dark: A Novel Threat Detection System using Darknet Traffic

Cited by: 0
Authors
Kumar, Sanjay [1]
Vranken, Harald [2,3]
van Dijk, Joost [4]
Hamalainen, Timo [1]
Affiliations
[1] Univ Jyvaskyla, Fac Informat Technol, Jyvaskyla, Finland
[2] Open Univ Netherlands, Heerlen, Netherlands
[3] Radboud Univ Nijmegen, Nijmegen, Netherlands
[4] SURFnet, Utrecht, Netherlands
Source
2019 IEEE INTERNATIONAL CONFERENCE ON BIG DATA (BIG DATA) | 2019
Keywords
Darknet traffic; DDoS; Machine Learning; Threat Detection; Network Telescope
DOI
Not available
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Subject classification codes
081104; 0812; 0835; 1405
Abstract
This paper proposes a threat detection system based on Machine Learning classifiers that are trained using darknet traffic. Traffic destined to the darknet is either malicious or caused by misconfiguration. Darknet traffic contains traces of several threats such as DDoS attacks, botnets, spoofing, probes and scanning attacks. We analyse darknet traffic by extracting network traffic features from it that help in finding patterns of these advanced threats. We collected the darknet traffic from the network sensors deployed at SURFnet and extracted several network-based features. In this study, we proposed a framework that uses supervised machine learning and a concept drift detector. Our experimental results show that our classifiers can easily distinguish between benign and malign traffic and are able to detect known and unknown threats effectively with an accuracy above 99%.
Pages: 4273-4279
Number of pages: 7