CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Toward understanding distributed blackhole placement
Proceedings of the 2004 ACM workshop on Rapid malcode
Inferring Internet denial-of-service activity
ACM Transactions on Computer Systems (TOCS)
A multifaceted approach to understanding the botnet phenomenon
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Botnet Detection by Monitoring Group Activities in DNS Traffic
CIT '07 Proceedings of the 7th IEEE International Conference on Computer and Information Technology
A Survey of Botnet Technology and Defenses
CATCH '09 Proceedings of the 2009 Cybersecurity Applications & Technology Conference for Homeland Security
A Survey of Botnet and Botnet Detection
SECURWARE '09 Proceedings of the 2009 Third International Conference on Emerging Security Information, Systems and Technologies
Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security
A network activity classification schema and its application to scan detection
IEEE/ACM Transactions on Networking (TON)
Low-Rate DDoS Attacks Detection and Traceback by Using New Information Metrics
IEEE Transactions on Information Forensics and Security
Hi-index | 0.00 |
Recently, we have a problem about an attack generated by a botnet which consists of a group of compromised computers called bots. An attacker called botmaster controls it and a botnet invokes an attack such as scanning and DDoS attack. In this paper, we use the 3D-visualization to investigate the change of attack according to the darknet traffic. As a result, we discover the attack in which several source IP addresses transmit packets to a single destination within a short period of time. In addition, we find that the packet size and the destination port number are identical on its attack. Furthermore, we propose the method to detect this attack called behavior of collaborative attack. In our proposal, we focus on the number of source IP addresses which transmit packets to the single destination. We detected this packet and the rate of packet with the same packet size and destination port number occupied about 90% of the set unit of extracted packet.