http://dx.doi.org/10.13089/JKIISC.2017.27.4.821

A Study on Detecting Black IPs for Using Destination Ports of Darknet Traffic  

Park, Jinhak (Korea Institute of Science and Technology Information)
Kwon, Taewoong (Korea Institute of Science and Technology Information)
Lee, Younsu (Korea Institute of Science and Technology Information)
Choi, Sangsoo (Korea Institute of Science and Technology Information)
Song, Jungsuk (Korea Institute of Science and Technology Information)
Abstract
The internet is an important infrastructure resource that underpins the economy and society of our country, and it provides convenience and efficiency in everyday life. However, various incidents have occurred through the exploitation of vulnerabilities in internet infrastructure resources. Recently, attacks unknown to the user have been on the rise. Current security control systems focus on patterns for detecting attacks, yet internet threats keep increasing through various intelligent and advanced attacks. The darknet has recently received attention in research on detecting unknown attacks. Since the darknet is a set of unused IP addresses, no real systems are connected to it. In this paper, we propose an algorithm for finding black IPs in collected darknet traffic based on statistical data of port information. For the proposed method, we prepared a darknet space of 8,192 and collected darknet traffic for 3 months. The total collected during 3 months of 2016 was 827,254,121. Applying the proposed algorithm, the resulting black IPs are June 19, July 21, and August 17. The analysis results in this paper identify the detection frequency of black IPs and find new black IPs that may cause potential cyber threats.
Keywords
Darknet; System of security control; Detecting black IPs;