TY - GEN
T1 - Shedding light into the darknet
T2 - 17th ACM International Conference on emerging Networking EXperiments and Technologies, CoNEXT 2021
AU - Prajapati, Rupesh
AU - Honavar, Vasant
AU - Wu, Dinghao
AU - Yen, John
AU - Kallitsis, Michalis
N1 - Funding Information:
We presented a novel framework towards network situational awareness. In addition to Darknet characterization (also done in other works, e.g., [4]), our approach utilizes the clustering outcomes to detect structural changes in the Darknet. Timely detection of such behavior would lead to rapid mitigation of emerging threats (e.g., zero-day exploits). As part of ongoing work, we plan to expand the set of features we select (e.g., introduce some of the ones in [3, 5]) to enhance the clustering interpretation. Moreover, given the limitations of running a centralized Darknet sensor [5], we plan to integrate additional data sources into our system (e.g., distributed honeypots, VirusTotal, ExploitDB, etc.) to further validate our results and to apply our techniques to other critical data sources. Acknowledgements: This work is partially supported by the U.S. DHS under Grant Award Number 17STQAC00001-05-00 and by the NSF CNS-1823192 award. The views and conclusions contained here are those of the authors and should not be interpreted as necessarily representing the official policies of the sponsor.
Publisher Copyright:
© 2021 Owner/Author.
PY - 2021/12/2
Y1 - 2021/12/2
N2 - Network telescopes provide a unique window into Internet-wide malicious activities associated with malware propagation, denial of service attacks, network reconnaissance, and others. Analyses of this telescope data can highlight ongoing malicious events in the Internet which can be used to prevent or mitigate cyber-threats in real-time. However, large telescopes observe millions of events on a daily basis which renders the task of transforming this knowledge to meaningful insights challenging. In order to address this, we present a novel framework for characterizing Internet's background radiation and for tracking its temporal evolution. The proposed framework: (i) Extracts a high dimensional representation of telescope scanners composed of features distilled from telescope data and learns an information-preserving low-dimensional representation of these events that is amenable to clustering; (ii) Performs clustering of resulting representation space to characterize the scanners and (iii) Utilizes the clustering outcomes as "signatures" to detect temporal changes in the network telescope.
AB - Network telescopes provide a unique window into Internet-wide malicious activities associated with malware propagation, denial of service attacks, network reconnaissance, and others. Analyses of this telescope data can highlight ongoing malicious events in the Internet which can be used to prevent or mitigate cyber-threats in real-time. However, large telescopes observe millions of events on a daily basis which renders the task of transforming this knowledge to meaningful insights challenging. In order to address this, we present a novel framework for characterizing Internet's background radiation and for tracking its temporal evolution. The proposed framework: (i) Extracts a high dimensional representation of telescope scanners composed of features distilled from telescope data and learns an information-preserving low-dimensional representation of these events that is amenable to clustering; (ii) Performs clustering of resulting representation space to characterize the scanners and (iii) Utilizes the clustering outcomes as "signatures" to detect temporal changes in the network telescope.
UR - http://www.scopus.com/inward/record.url?scp=85121657625&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85121657625&partnerID=8YFLogxK
U2 - 10.1145/3485983.3493347
DO - 10.1145/3485983.3493347
M3 - Conference contribution
AN - SCOPUS:85121657625
T3 - CoNEXT 2021 - Proceedings of the 17th International Conference on emerging Networking EXperiments and Technologies
SP - 469
EP - 470
BT - CoNEXT 2021 - Proceedings of the 17th International Conference on emerging Networking EXperiments and Technologies
PB - Association for Computing Machinery, Inc
Y2 - 7 December 2021 through 10 December 2021
ER -