| Presentation | 2015-06-12 Can internet measurement be a noise for analysis of darknet? Yumehisa Haga, Akira Saso, Tatsuya Mori, Shigeki Goto, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Darknet is a passive sensor system dedicated to monitoring trafficrouted to unused IP address space. Darknets have been widely used as a tool to detect potentially malicious activities, such as propagating worms, because most packets observed in a darknet can be assumed to have been originated from nonlegitimate hosts. However, recent commoditization of Internet-scale survey trafficoriginated from legitimate hosts could overwhelm the trafficoriginally supposed to be monitored with a darknet's sensor. Based onthis observation, we posed the following research question:"Can the Internet-scale survey traffic become noise when we analyze darknet traffic?" To answer the research question, this work proposes a novel frameworkcalled ID2 that aims to increase the darkness of darknet traffic, i.e., ID2 attempts to automatically discriminate betweenInternet-scale survey traffic originating from legitimate hosts andother traffic potentially associated with malicious activities. ID2leverages two intrinsic characteristics of Internet-scale surveytraffic: a network-level property and some form of footprintsexplicitly indicated by surveyors. Through the extensive analysis of traffic using ID2, we revealed thatInternet-scale traffic actually can be noise when we analyzed darknettraffic. We also demonstrated that the discrimination of surveytraffic enabled us to expose hidden traffic anomalies, which wereinvisible without our technique. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Darknet |
| Paper # | IA2015-15,ICSS2015-15 |
| Date of Issue | 2015-06-04 (IA, ICSS) |
| Conference Information | |
| Committee | IA / ICSS |
|---|---|
| Conference Date | 2015/6/11(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Kyushu Institute of Technology Univ. |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Internet Security, etc. |
| Chair | Ken-ichi Yoshida(Univ. of Tsukuba) / Yutaka Miyake(KDDI R&D Labs.) |
| Vice Chair | Hiroyuki Osaki(Kwansei Gakuin Univ.) / Masahiro Jibiki(NICT) / Yutaka Nakamura(Kyushu Inst. of Tech.) / Takashi Nishide(Univ. of Tsukuba) / Yoshiaki Shiraishi(Kobe Univ.) |
| Secretary | Hiroyuki Osaki(Tokyo Inst. of Tech.) / Masahiro Jibiki(Osaka Univ.) / Yutaka Nakamura(Mitsubishi Electric) / Takashi Nishide(NII) / Yoshiaki Shiraishi |
| Assistant | Yuichiro Hei(KDDI R&D Labs.) / Hiroshi Yamamoto(Ritsumeikan Univ.) / Toshiki Watanabe(NEC) / Katsunari Yoshioka(Yokohama National Univ.) / Kazunori Kamiya(NTT) |
| Paper Information | |
| Registration To | Technical Committee on Internet Architecture / Technical Committee on Information and Communication System Security |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Can internet measurement be a noise for analysis of darknet? |
| Sub Title (in English) | |
| Keyword(1) | Darknet |
| 1st Author's Name | Yumehisa Haga |
| 1st Author's Affiliation | Waseda University(Waseda Univ.) |
| 2nd Author's Name | Akira Saso |
| 2nd Author's Affiliation | Waseda University(Waseda Univ.) |
| 3rd Author's Name | Tatsuya Mori |
| 3rd Author's Affiliation | Waseda University(Waseda Univ.) |
| 4th Author's Name | Shigeki Goto |
| 4th Author's Affiliation | Waseda University(Waseda Univ.) |
| Date | 2015-06-12 |
| Paper # | IA2015-15,ICSS2015-15 |
| Volume (vol) | vol.115 |
| Number (no) | IA-80,ICSS-81 |
| Page | pp.pp.81-86(IA), pp.81-86(ICSS), |
| #Pages | 6 |
| Date of Issue | 2015-06-04 (IA, ICSS) |