Shedding light into the darknet: scanning characterization and detection of temporal changes

Rupesh Prajapati, Vasant Honavar, Dinghao Wu, John Yen, Michalis Kallitsis

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Network telescopes provide a unique window into Internet-wide malicious activities associated with malware propagation, denial of service attacks, network reconnaissance, and others. Analyses of this telescope data can highlight ongoing malicious events in the Internet which can be used to prevent or mitigate cyber-threats in real-time. However, large telescopes observe millions of events on a daily basis which renders the task of transforming this knowledge to meaningful insights challenging. In order to address this, we present a novel framework for characterizing Internet's background radiation and for tracking its temporal evolution. The proposed framework: (i) Extracts a high dimensional representation of telescope scanners composed of features distilled from telescope data and learns an information-preserving low-dimensional representation of these events that is amenable to clustering; (ii) Performs clustering of resulting representation space to characterize the scanners and (iii) Utilizes the clustering outcomes as "signatures"to detect temporal changes in the network telescope.

Original languageEnglish (US)
Title of host publicationCoNEXT 2021 - Proceedings of the 17th International Conference on emerging Networking EXperiments and Technologies
PublisherAssociation for Computing Machinery, Inc
Pages469-470
Number of pages2
ISBN (Electronic)9781450390989
DOIs
StatePublished - Dec 2 2021
Event17th ACM International Conference on emerging Networking EXperiments and Technologies, CoNEXT 2021 - Virtual, Online, Germany
Duration: Dec 7 2021Dec 10 2021

Publication series

NameCoNEXT 2021 - Proceedings of the 17th International Conference on emerging Networking EXperiments and Technologies

Conference

Conference17th ACM International Conference on emerging Networking EXperiments and Technologies, CoNEXT 2021
Country/TerritoryGermany
CityVirtual, Online
Period12/7/2112/10/21

All Science Journal Classification (ASJC) codes

  • Hardware and Architecture
  • Computer Science Applications
  • Computer Networks and Communications

Cite this