Collaborative behavior visualization and its detection by observing darknet traffic

Satoru Akimoto, Yoshiaki Hori, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

Recently, attacks generated by botnets, which consist of groups of compromised computers called bots, have become a problem. An attacker called a botmaster controls the botnet, and the botnet invokes attacks such as scanning and DDoS attacks. In this paper, we use 3D visualization to investigate the change of attacks according to the darknet traffic. As a result, we discover an attack in which several source IP addresses transmit packets to a single destination within a short period of time. In addition, we find that the packet size and the destination port number are identical in this attack. Furthermore, we propose a method to detect this attack, called the behavior of collaborative attack. In our proposal, we focus on the number of source IP addresses which transmit packets to a single destination. We detected these packets, and the rate of packets with the same packet size and destination port number occupied about 90% of the set unit of extracted packets.

Original language: English
Title of host publication: Cyberspace Safety and Security - 4th International Symposium, CSS 2012, Proceedings
Pages: 212-226
Number of pages: 15
DOI: https://doi.org/10.1007/978-3-642-35362-8_17
Publication status: Published - Dec 26 2012
Event: 4th International Symposium on Cyberspace Safety and Security, CSS 2012 - Melbourne, VIC, Australia
Duration: Dec 12 2012 to Dec 13 2012

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 7672 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 4th International Symposium on Cyberspace Safety and Security, CSS 2012
Country: Australia
City: Melbourne, VIC
Period: 12/12/12 to 12/13/12

Fingerprint

Visualization
Attack
Traffic
Scanning
DDoS
3D Visualization
Botnet
Period of time
Unit

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science (all)

Cite this

Akimoto, S., Hori, Y., & Sakurai, K. (2012). Collaborative behavior visualization and its detection by observing darknet traffic. In Cyberspace Safety and Security - 4th International Symposium, CSS 2012, Proceedings (pp. 212-226). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7672 LNCS). https://doi.org/10.1007/978-3-642-35362-8_17

@inproceedings{734f82cc1a4843a6b83a025362e0bc24,
title = "Collaborative behavior visualization and its detection by observing darknet traffic",
abstract = "Recently, we have a problem about an attack generated by a botnet which consists of a group of compromised computers called bots. An attacker called botmaster controls it and a botnet invokes an attack such as scanning and DDoS attack. In this paper, we use the 3D-visualization to investigate the change of attack according to the darknet traffic. As a result, we discover the attack in which several source IP addresses transmit packets to a single destination within a short period of time. In addition, we find that the packet size and the destination port number are identical on its attack. Furthermore, we propose the method to detect this attack called behavior of collaborative attack. In our proposal, we focus on the number of source IP addresses which transmit packets to the single destination. We detected this packet and the rate of packet with the same packet size and destination port number occupied about 90{\%} of the set unit of extracted packet.",
author = "Satoru Akimoto and Yoshiaki Hori and Kouichi Sakurai",
year = "2012",
month = "12",
day = "26",
doi = "10.1007/978-3-642-35362-8_17",
language = "English",
isbn = "9783642353611",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "212--226",
booktitle = "Cyberspace Safety and Security - 4th International Symposium, CSS 2012, Proceedings",

}

TY - GEN

T1 - Collaborative behavior visualization and its detection by observing darknet traffic

AU - Akimoto, Satoru

AU - Hori, Yoshiaki

AU - Sakurai, Kouichi

PY - 2012/12/26

Y1 - 2012/12/26

N2 - Recently, we have a problem about an attack generated by a botnet which consists of a group of compromised computers called bots. An attacker called botmaster controls it and a botnet invokes an attack such as scanning and DDoS attack. In this paper, we use the 3D-visualization to investigate the change of attack according to the darknet traffic. As a result, we discover the attack in which several source IP addresses transmit packets to a single destination within a short period of time. In addition, we find that the packet size and the destination port number are identical on its attack. Furthermore, we propose the method to detect this attack called behavior of collaborative attack. In our proposal, we focus on the number of source IP addresses which transmit packets to the single destination. We detected this packet and the rate of packet with the same packet size and destination port number occupied about 90% of the set unit of extracted packet.

UR - http://www.scopus.com/inward/record.url?scp=84871392471&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84871392471&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-35362-8_17

DO - 10.1007/978-3-642-35362-8_17

M3 - Conference contribution

SN - 9783642353611

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 212

EP - 226

BT - Cyberspace Safety and Security - 4th International Symposium, CSS 2012, Proceedings

ER -