Collaborative behavior visualization and its detection by observing darknet traffic

Satoru Akimoto; Yoshiaki Hori; Kouichi Sakurai

doi:10.1007/978-3-642-35362-8_17

Collaborative behavior visualization and its detection by observing darknet traffic

Satoru Akimoto, Yoshiaki Hori, Kouichi Sakurai

Mathematical Informatics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

Recently, we have a problem about an attack generated by a botnet which consists of a group of compromised computers called bots. An attacker called botmaster controls it and a botnet invokes an attack such as scanning and DDoS attack. In this paper, we use the 3D-visualization to investigate the change of attack according to the darknet traffic. As a result, we discover the attack in which several source IP addresses transmit packets to a single destination within a short period of time. In addition, we find that the packet size and the destination port number are identical on its attack. Furthermore, we propose the method to detect this attack called behavior of collaborative attack. In our proposal, we focus on the number of source IP addresses which transmit packets to the single destination. We detected this packet and the rate of packet with the same packet size and destination port number occupied about 90% of the set unit of extracted packet.

Original language	English
Title of host publication	Cyberspace Safety and Security - 4th International Symposium, CSS 2012, Proceedings
Pages	212-226
Number of pages	15
DOIs	https://doi.org/10.1007/978-3-642-35362-8_17
Publication status	Published - Dec 26 2012
Event	4th International Symposium on Cyberspace Safety and Security, CSS 2012 - Melbourne, VIC, Australia Duration: Dec 12 2012 → Dec 13 2012

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	7672 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	4th International Symposium on Cyberspace Safety and Security, CSS 2012
Country/Territory	Australia
City	Melbourne, VIC
Period	12/12/12 → 12/13/12

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-642-35362-8_17

Cite this

Akimoto, S., Hori, Y., & Sakurai, K. (2012). Collaborative behavior visualization and its detection by observing darknet traffic. In Cyberspace Safety and Security - 4th International Symposium, CSS 2012, Proceedings (pp. 212-226). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7672 LNCS). https://doi.org/10.1007/978-3-642-35362-8_17

Collaborative behavior visualization and its detection by observing darknet traffic. / Akimoto, Satoru; Hori, Yoshiaki; Sakurai, Kouichi.

Cyberspace Safety and Security - 4th International Symposium, CSS 2012, Proceedings. 2012. p. 212-226 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7672 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Akimoto, S, Hori, Y & Sakurai, K 2012, Collaborative behavior visualization and its detection by observing darknet traffic. in Cyberspace Safety and Security - 4th International Symposium, CSS 2012, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 7672 LNCS, pp. 212-226, 4th International Symposium on Cyberspace Safety and Security, CSS 2012, Melbourne, VIC, Australia, 12/12/12. https://doi.org/10.1007/978-3-642-35362-8_17

Akimoto S, Hori Y, Sakurai K. Collaborative behavior visualization and its detection by observing darknet traffic. In Cyberspace Safety and Security - 4th International Symposium, CSS 2012, Proceedings. 2012. p. 212-226. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-35362-8_17

Akimoto, Satoru ; Hori, Yoshiaki ; Sakurai, Kouichi. / Collaborative behavior visualization and its detection by observing darknet traffic. Cyberspace Safety and Security - 4th International Symposium, CSS 2012, Proceedings. 2012. pp. 212-226 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{734f82cc1a4843a6b83a025362e0bc24,

title = "Collaborative behavior visualization and its detection by observing darknet traffic",

abstract = "Recently, we have a problem about an attack generated by a botnet which consists of a group of compromised computers called bots. An attacker called botmaster controls it and a botnet invokes an attack such as scanning and DDoS attack. In this paper, we use the 3D-visualization to investigate the change of attack according to the darknet traffic. As a result, we discover the attack in which several source IP addresses transmit packets to a single destination within a short period of time. In addition, we find that the packet size and the destination port number are identical on its attack. Furthermore, we propose the method to detect this attack called behavior of collaborative attack. In our proposal, we focus on the number of source IP addresses which transmit packets to the single destination. We detected this packet and the rate of packet with the same packet size and destination port number occupied about 90% of the set unit of extracted packet.",

author = "Satoru Akimoto and Yoshiaki Hori and Kouichi Sakurai",

year = "2012",

month = dec,

day = "26",

doi = "10.1007/978-3-642-35362-8_17",

language = "English",

isbn = "9783642353611",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "212--226",

booktitle = "Cyberspace Safety and Security - 4th International Symposium, CSS 2012, Proceedings",

note = "4th International Symposium on Cyberspace Safety and Security, CSS 2012 ; Conference date: 12-12-2012 Through 13-12-2012",

}

TY - GEN

T1 - Collaborative behavior visualization and its detection by observing darknet traffic

AU - Akimoto, Satoru

AU - Hori, Yoshiaki

AU - Sakurai, Kouichi

PY - 2012/12/26

Y1 - 2012/12/26

N2 - Recently, we have a problem about an attack generated by a botnet which consists of a group of compromised computers called bots. An attacker called botmaster controls it and a botnet invokes an attack such as scanning and DDoS attack. In this paper, we use the 3D-visualization to investigate the change of attack according to the darknet traffic. As a result, we discover the attack in which several source IP addresses transmit packets to a single destination within a short period of time. In addition, we find that the packet size and the destination port number are identical on its attack. Furthermore, we propose the method to detect this attack called behavior of collaborative attack. In our proposal, we focus on the number of source IP addresses which transmit packets to the single destination. We detected this packet and the rate of packet with the same packet size and destination port number occupied about 90% of the set unit of extracted packet.

AB - Recently, we have a problem about an attack generated by a botnet which consists of a group of compromised computers called bots. An attacker called botmaster controls it and a botnet invokes an attack such as scanning and DDoS attack. In this paper, we use the 3D-visualization to investigate the change of attack according to the darknet traffic. As a result, we discover the attack in which several source IP addresses transmit packets to a single destination within a short period of time. In addition, we find that the packet size and the destination port number are identical on its attack. Furthermore, we propose the method to detect this attack called behavior of collaborative attack. In our proposal, we focus on the number of source IP addresses which transmit packets to the single destination. We detected this packet and the rate of packet with the same packet size and destination port number occupied about 90% of the set unit of extracted packet.

UR - http://www.scopus.com/inward/record.url?scp=84871392471&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84871392471&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-35362-8_17

DO - 10.1007/978-3-642-35362-8_17

M3 - Conference contribution

AN - SCOPUS:84871392471

SN - 9783642353611

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 212

EP - 226

BT - Cyberspace Safety and Security - 4th International Symposium, CSS 2012, Proceedings

T2 - 4th International Symposium on Cyberspace Safety and Security, CSS 2012

Y2 - 12 December 2012 through 13 December 2012

ER -

Collaborative behavior visualization and its detection by observing darknet traffic

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this