DANTE: A framework for mining and monitoring darknet traffic
- URL: http://arxiv.org/abs/2003.02575v1
- Date: Thu, 5 Mar 2020 12:47:29 GMT
- Title: DANTE: A framework for mining and monitoring darknet traffic
- Authors: Dvir Cohen, Yisroel Mirsky, Yuval Elovici, Rami Puzis, Manuel Kamp, Tobias Martin, Asaf Shabtai
- Abstract summary: DANTE is a framework and algorithm for mining darknet traffic.
It learns the meaning of targeted network ports by applying Word2Vec to observed port sequences.
It uses a novel and incremental time-series cluster tracking algorithm to detect recurring behaviors and new emerging threats.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Trillions of network packets are sent over the Internet to destinations that
do not exist. This 'darknet' traffic captures the activity of botnets and other
malicious campaigns aiming to discover and compromise devices around the world.
In order to mine threat intelligence from this data, one must be able to handle
large streams of logs and represent the traffic patterns in a meaningful way.
By observing how network ports (services) are used, it is possible to capture
the intent of each transmission. In this paper, we present DANTE: a framework
and algorithm for mining darknet traffic. DANTE learns the meaning of targeted
network ports by applying Word2Vec to observed port sequences. Then, when a host
sends a new sequence, DANTE represents the transmission as the average embedding
of the ports found in that sequence. Finally, DANTE uses a novel and incremental
time-series cluster tracking algorithm on observed sequences to detect recurring
behaviors and new emerging threats. To evaluate the system, we ran DANTE on a
full year of darknet traffic (over three terabytes) collected by Deutsche
Telekom, the largest telecommunications provider in Europe, and analyzed the
results. DANTE discovered 1,177 new emerging threats and was able to track
malicious campaigns over time. We also compared DANTE to the current best
approach and found DANTE to be more practical and effective at detecting
darknet traffic patterns.
Related papers
- MIETT: Multi-Instance Encrypted Traffic Transformer for Encrypted Traffic Classification (arXiv, 2024-12-19)
  Classifying traffic is essential for detecting security threats and optimizing network management.
  We propose a Multi-Instance Encrypted Traffic Transformer (MIETT) to capture both token-level and packet-level relationships.
  MIETT achieves results across five datasets, demonstrating its effectiveness in classifying encrypted traffic and understanding complex network behaviors.
- ETGuard: Malicious Encrypted Traffic Detection in Blockchain-based Power Grid Systems (arXiv, 2024-08-20)
  We present a novel framework that is able to automatically detect malicious encrypted traffic in blockchain-based power grid systems.
  We mathematically derive incremental learning losses to resist the forgetting of old attack patterns.
  Our method achieves state-of-the-art performance on three different benchmark datasets.
- Machine Learning-Based Malicious Vehicle Detection for Security Threats and Attacks in Vehicle Ad-hoc Network (VANET) Communications (arXiv, 2024-01-16)
  Blackhole attacks are significant threats to Vehicle Ad-hoc Networks (VANETs).
  In this paper, we propose a machine learning-based approach for blackhole detection in VANET.
- A Novel Supervised Deep Learning Solution to Detect Distributed Denial of Service (DDoS) attacks on Edge Systems using Convolutional Neural Networks (CNN) (arXiv, 2023-09-11)
  This project presents a novel deep learning-based approach for detecting DDoS attacks in network traffic.
  The algorithm employed in this study exploits the properties of Convolutional Neural Networks (CNN) and common deep learning algorithms.
  The results of this study demonstrate the effectiveness of the proposed algorithm in detecting DDoS attacks, achieving an accuracy of 0.9883 on 2000 unseen flows in network traffic.
- Darknet Traffic Classification and Adversarial Attacks (arXiv, 2022-06-12)
  This research aims to improve darknet traffic detection by assessing Support Vector Machines (SVM), Random Forest (RF), Convolutional Neural Networks (CNN) and Auxiliary-Classifier Generative Adversarial Networks (AC-GAN).
  We find that our RF model outperforms the state-of-the-art machine learning techniques used in prior work with the CIC-Darknet 2020 dataset.
- Road Network Guided Fine-Grained Urban Traffic Flow Inference (arXiv, 2021-09-29)
  Accurate inference of fine-grained traffic flow from coarse-grained one is an emerging yet crucial problem.
  We propose a novel Road-Aware Traffic Flow Magnifier (RATFM) that exploits the prior knowledge of road networks.
  Our method can generate high-quality fine-grained traffic flow maps.
- Learning to Track Objects from Unlabeled Videos (arXiv, 2021-08-28)
  In this paper, we propose to learn an Unsupervised Single Object Tracker (USOT) from scratch.
  To narrow the gap between unsupervised trackers and supervised counterparts, we propose an effective unsupervised learning approach composed of three stages.
  Experiments show that the proposed USOT learned from unlabeled videos performs well over the state-of-the-art unsupervised trackers by large margins.
- Zooming Into the Darknet: Characterizing Internet Background Radiation and its Structural Changes (arXiv, 2021-07-29)
  "Darknets" provide a unique window into Internet-wide malicious activities.
  Large Darknets observe millions of nefarious events on a daily basis.
  We present a novel framework for characterizing Darknet behavior and its temporal evolution.
- Detecting Invisible People (arXiv, 2020-12-15)
  We re-purpose tracking benchmarks and propose new metrics for the task of detecting invisible objects.
  We demonstrate that current detection and tracking systems perform dramatically worse on this task.
  Second, we build dynamic models that explicitly reason in 3D, making use of observations produced by state-of-the-art monocular depth estimation networks.
- Enhancing Graph Neural Network-based Fraud Detectors against Camouflaged Fraudsters (arXiv, 2020-08-19)
  We introduce two types of camouflages based on recent empirical studies, i.e., the feature camouflage and the relation camouflage.
  Existing GNNs have not addressed these two camouflages, which results in their poor performance in fraud detection problems.
  We propose a new model named CAmouflage-REsistant GNN (CARE-GNN) to enhance the GNN aggregation process with three unique modules against camouflages.
- Automating Botnet Detection with Graph Neural Networks (arXiv, 2020-03-13)
  Botnets are now a major source for many network attacks, such as DDoS attacks and spam.
  In this paper, we consider the neural network design challenges of using modern deep learning techniques to learn policies for botnet detection automatically.