
공공누리 (KOGL): This item is licensed under the Korea Open Government License.

A model of analyzing cyber threats trend and tracing potential attackers based on darknet traffic
Publication Year
In general, attackers carry out scanning or probing against a certain network when they start to attack their victims. Because of this, a darknet is very useful for observing the scanning activities of attackers who are looking for victims with security vulnerabilities in operating systems, applications, services, and so on. Thus, by observing and analyzing darknet traffic, it is possible to gain insight into malicious activities that are happening on the Internet and to identify potential attackers who sent attack packets to the darknet. However, a darknet has a fatal limitation: most darknet traffic has no payload data. This means that we cannot collect the real attack codes from the original darknet traffic. To cope with this problem, we propose a security monitoring and response model to analyze the cyber threats trend and to trace potential attackers based on darknet traffic. We have evaluated the proposed model using one /24 block of darknet IP addresses and TMS alerts that were obtained from TMS. The experimental results provided statistical information on all the incoming darknet traffic, so that we could obtain the global cyber threats trend. Furthermore, the experimental results demonstrated that we could obtain malicious attack patterns and attack codes that were not detected by TMS.
darknet; cyber threats trend; tracing potential attackers
Journal Title
Security and communication networks
Appears in Collections:
7. KISTI Research Outcomes > Journal Articles