Collaborative behavior visualization and its detection by observing darknet traffic

Authors:
Satoru Akimoto;Yoshiaki Hori;Kouichi Sakurai
Affiliations:
Graduate School of Information Science and Electrical Engineering, Kyushu University, Fukuoka, Japan, Institute of Systems, Information Technologies and Nanotechnologies, Fukuoka, Japan;Graduate School of Information Science and Electrical Engineering, Kyushu University, Fukuoka, Japan, Institute of Systems, Information Technologies and Nanotechnologies, Fukuoka, Japan;Graduate School of Information Science and Electrical Engineering, Kyushu University, Fukuoka, Japan, Institute of Systems, Information Technologies and Nanotechnologies, Fukuoka, Japan
Venue:
CSS'12 Proceedings of the 4th international conference on Cyberspace Safety and Security
Year:
2012

Citing 10
Cited 0

Denial of service

CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Toward understanding distributed blackhole placement

Proceedings of the 2004 ACM workshop on Rapid malcode
Inferring Internet denial-of-service activity

ACM Transactions on Computer Systems (TOCS)
A multifaceted approach to understanding the botnet phenomenon

Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Botnet Detection by Monitoring Group Activities in DNS Traffic

CIT '07 Proceedings of the 7th IEEE International Conference on Computer and Information Technology
A Survey of Botnet Technology and Defenses

CATCH '09 Proceedings of the 2009 Cybersecurity Applications & Technology Conference for Homeland Security
A Survey of Botnet and Botnet Detection

SECURWARE '09 Proceedings of the 2009 Third International Conference on Emerging Security Information, Systems and Technologies
nicter: a large-scale network incident analysis system: case studies for understanding threat landscape

Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security
A network activity classification schema and its application to scan detection

IEEE/ACM Transactions on Networking (TON)
Low-Rate DDoS Attacks Detection and Traceback by Using New Information Metrics

IEEE Transactions on Information Forensics and Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Recently, we have a problem about an attack generated by a botnet which consists of a group of compromised computers called bots. An attacker called botmaster controls it and a botnet invokes an attack such as scanning and DDoS attack. In this paper, we use the 3D-visualization to investigate the change of attack according to the darknet traffic. As a result, we discover the attack in which several source IP addresses transmit packets to a single destination within a short period of time. In addition, we find that the packet size and the destination port number are identical on its attack. Furthermore, we propose the method to detect this attack called behavior of collaborative attack. In our proposal, we focus on the number of source IP addresses which transmit packets to the single destination. We detected this packet and the rate of packet with the same packet size and destination port number occupied about 90% of the set unit of extracted packet.