Collaborative Behavior Visualization and Its Detection by Observing Darknet Traffic

  • Conference paper
Cyberspace Safety and Security (CSS 2012)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7672)

Abstract

Attacks generated by botnets, which consist of groups of compromised computers called bots, have recently become a problem. An attacker called the botmaster controls the botnet, and the botnet carries out attacks such as scanning and DDoS. In this paper, we use 3D visualization to investigate how attacks change, based on darknet traffic. As a result, we discover an attack in which several source IP addresses transmit packets to a single destination within a short period of time. In addition, we find that the packet size and the destination port number are identical within this attack. Furthermore, we propose a method to detect this attack, which we call collaborative attack behavior. Our proposal focuses on the number of source IP addresses that transmit packets to a single destination. We detected such packets, and packets with the same packet size and destination port number accounted for about 90% of each extracted set of packets.
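The detection idea in the abstract can be sketched as follows. This is an added example, not the authors' implementation: the window length, the source-count threshold, the 0.9 uniformity cut-off used as a decision rule, the record layout and the sample packets are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Assumed parameters: the abstract states no window length or thresholds.
WINDOW_SECONDS = 60       # what counts as "a short period of time"
MIN_SOURCES = 5           # distinct sources needed to call traffic collaborative
MIN_UNIFORM_RATIO = 0.9   # share of packets with one (dport, size) pair

def detect_collaborative(packets, window=WINDOW_SECONDS,
                         min_sources=MIN_SOURCES, min_ratio=MIN_UNIFORM_RATIO):
    """packets: iterable of (ts, src, dst, dport, size) seen on the darknet.

    Groups packets per destination into fixed (tumbling) windows, so a burst
    that straddles a window boundary is split across two buckets.
    """
    buckets = defaultdict(list)
    for ts, src, dst, dport, size in packets:
        buckets[(dst, int(ts // window))].append((src, dport, size))

    alerts = []
    for (dst, slot), pkts in sorted(buckets.items()):
        sources = {src for src, _, _ in pkts}
        if len(sources) < min_sources:
            continue  # one scanner or a few hosts: not collaborative
        # Most common (destination port, packet size) pair in this bucket.
        (dport, size), hits = Counter((p, s) for _, p, s in pkts).most_common(1)[0]
        ratio = hits / len(pkts)
        if ratio >= min_ratio:
            alerts.append({"dst": dst, "window_start": slot * window,
                           "sources": len(sources), "dport": dport,
                           "size": size, "ratio": ratio})
    return alerts

# Constructed sample traffic (documentation address ranges, not real data).
SAMPLE = (
    # 9 sources, same port and size, one destination: the pattern of interest
    [(float(i), f"198.51.100.{i + 1}", "192.0.2.10", 445, 62) for i in range(9)]
    + [(9.0, "198.51.100.1", "192.0.2.10", 80, 40)]  # one unrelated packet
    # a single source sweeping ports on one destination: ordinary scan
    + [(float(i), "203.0.113.7", "192.0.2.20", 1000 + i, 60) for i in range(8)]
    # many sources, but no shared port or size: background noise
    + [(float(i), f"203.0.113.{i + 20}", "192.0.2.30", 2000 + i, 40 + i)
       for i in range(6)]
)

if __name__ == "__main__":
    for alert in detect_collaborative(SAMPLE):
        print(alert)
```
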

This work was partially supported by Proactive Response Against Cyber-attacks Through International Collaborative Exchange (PRACTICE), Ministry of Internal Affairs and Communications, Japan.




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Akimoto, S., Hori, Y., Sakurai, K. (2012). Collaborative Behavior Visualization and Its Detection by Observing Darknet Traffic. In: Xiang, Y., Lopez, J., Kuo, CC.J., Zhou, W. (eds) Cyberspace Safety and Security. CSS 2012. Lecture Notes in Computer Science, vol 7672. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35362-8_17

  • DOI: https://doi.org/10.1007/978-3-642-35362-8_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-35361-1

  • Online ISBN: 978-3-642-35362-8

  • eBook Packages: Computer Science, Computer Science (R0)
