Presentation | 2015-06-12 Can internet measurement be a noise for analysis of darknet? Yumehisa Haga, Akira Saso, Tatsuya Mori, Shigeki Goto, |
---|---|
PDF Download Page | PDF download Page Link |
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | Darknet is a passive sensor system dedicated to monitoring trafficrouted to unused IP address space. Darknets have been widely used as a tool to detect potentially malicious activities, such as propagating worms, because most packets observed in a darknet can be assumed to have been originated from nonlegitimate hosts. However, recent commoditization of Internet-scale survey trafficoriginated from legitimate hosts could overwhelm the trafficoriginally supposed to be monitored with a darknet's sensor. Based onthis observation, we posed the following research question:"Can the Internet-scale survey traffic become noise when we analyze darknet traffic?" To answer the research question, this work proposes a novel frameworkcalled ID2 that aims to increase the darkness of darknet traffic, i.e., ID2 attempts to automatically discriminate betweenInternet-scale survey traffic originating from legitimate hosts andother traffic potentially associated with malicious activities. ID2leverages two intrinsic characteristics of Internet-scale surveytraffic: a network-level property and some form of footprintsexplicitly indicated by surveyors. Through the extensive analysis of traffic using ID2, we revealed thatInternet-scale traffic actually can be noise when we analyzed darknettraffic. We also demonstrated that the discrimination of surveytraffic enabled us to expose hidden traffic anomalies, which wereinvisible without our technique. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | Darknet |
Paper # | IA2015-15,ICSS2015-15 |
Date of Issue | 2015-06-04 (IA, ICSS) |
Conference Information | |
Committee | IA / ICSS |
---|---|
Conference Date | 2015/6/11(2days) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | Kyushu Institute of Technology Univ. |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | Internet Security, etc. |
Chair | Ken-ichi Yoshida(Univ. of Tsukuba) / Yutaka Miyake(KDDI R&D Labs.) |
Vice Chair | Hiroyuki Osaki(Kwansei Gakuin Univ.) / Masahiro Jibiki(NICT) / Yutaka Nakamura(Kyushu Inst. of Tech.) / Takashi Nishide(Univ. of Tsukuba) / Yoshiaki Shiraishi(Kobe Univ.) |
Secretary | Hiroyuki Osaki(Tokyo Inst. of Tech.) / Masahiro Jibiki(Osaka Univ.) / Yutaka Nakamura(Mitsubishi Electric) / Takashi Nishide(NII) / Yoshiaki Shiraishi |
Assistant | Yuichiro Hei(KDDI R&D Labs.) / Hiroshi Yamamoto(Ritsumeikan Univ.) / Toshiki Watanabe(NEC) / Katsunari Yoshioka(Yokohama National Univ.) / Kazunori Kamiya(NTT) |
Paper Information | |
Registration To | Technical Committee on Internet Architecture / Technical Committee on Information and Communication System Security |
---|---|
Language | JPN |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | Can internet measurement be a noise for analysis of darknet? |
Sub Title (in English) | |
Keyword(1) | Darknet |
1st Author's Name | Yumehisa Haga |
1st Author's Affiliation | Waseda University(Waseda Univ.) |
2nd Author's Name | Akira Saso |
2nd Author's Affiliation | Waseda University(Waseda Univ.) |
3rd Author's Name | Tatsuya Mori |
3rd Author's Affiliation | Waseda University(Waseda Univ.) |
4th Author's Name | Shigeki Goto |
4th Author's Affiliation | Waseda University(Waseda Univ.) |
Date | 2015-06-12 |
Paper # | IA2015-15,ICSS2015-15 |
Volume (vol) | vol.115 |
Number (no) | IA-80,ICSS-81 |
Page | pp.pp.81-86(IA), pp.81-86(ICSS), |
#Pages | 6 |
Date of Issue | 2015-06-04 (IA, ICSS) |