Network Traffic Screening Using Frequent Sequential Patterns

Intelligent Control and Innovative Computing

Part of the book series: Lecture Notes in Electrical Engineering (LNEE, volume 110)

Abstract

Darknet monitoring is very important for understanding various botnet activities, and thus for early detection of and defense against the threats that botnets cause on the Internet. However, common illegal accesses by ordinary malware make such detection difficult. To remove these accesses by ordinary malware from the results of network monitoring, we propose a data screening method based on finding frequent sequential patterns that appear in given traffic data. We applied our method to traffic data observed in the darknet and report the results.

Acknowledgments

This research is supported by the National Institute of Information and Communications Technology (NICT) of Japan, entitled “Research and Development for Widespread High-speed Incident Analysis”.

Corresponding author

Correspondence to Takayoshi Shoudai.

Copyright information

© 2012 Springer Science+Business Media, LLC

About this chapter

Cite this chapter

Tsuruta, H., Shoudai, T., Takeuchi, J. (2012). Network Traffic Screening Using Frequent Sequential Patterns. In: Ao, S., Castillo, O., Huang, X. (eds) Intelligent Control and Innovative Computing. Lecture Notes in Electrical Engineering, vol 110. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-1695-1_28

  • DOI: https://doi.org/10.1007/978-1-4614-1695-1_28

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4614-1694-4

  • Online ISBN: 978-1-4614-1695-1

  • eBook Packages: Engineering, Engineering (R0)
