Detecting Black IP Using for Classification and Analysis Through Source IP of Daily Darknet Traffic

  • Jinhak Park
  • Jangwon Choi
  • Jungsuk SongEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10638)


Recently, the community is recognizing to an importance of network vulnerability. Also, through the using this vulnerability, attackers can acquire the information of vulnerable users. Therefore, many researchers have been studying about a countermeasure of network vulnerabillty. In recent, the darknet is a received attention to research for detecting action of attackers. The means of darknet are formed a set of unused IP addresses and no real systems of connect to the darknet. In this paper, we proposed an using darknet for the detecting black IPs. So, it was choosen to classification and analysis through source IP of daily darknet traffic. The proposed method prepared 8,192 destination IP addresses in darknet space and collected the darknet traffic during 1 months. It collected total 277,002,257 in 2016, August. An applied results of the proposed process were seen for an effectiveness of pre-detection for real attacks.


Darknet Network vulnerabillty Detection of black IP 


  1. 1.
    Moore, D., Shannon, C., Voelker, G., Savage, S.: Network telescopes. Technical report, CAIDA (2004)Google Scholar
  2. 2.
    Yegneswaran, V., Barford, P., Plonka, D.: On the design and use of internet sinks for network abuse monitoring. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol. 3224, pp. 146–165. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-30143-1_8 CrossRefGoogle Scholar
  3. 3.
    Cooke, E., Bailey, M., Watson, D., Jahanian, F., Nazario, J.: The internet motion sensor-a distributed blackhole monitoring system. In: NDSS 2005, pp. 167–179 (2005)Google Scholar
  4. 4.
    Spitzner, L.: The Honeynet project: trapping the hackers. Mag. Secur. Priv. 99, 15–23 (2003)CrossRefGoogle Scholar
  5. 5.
    Abbasi, F.H., Harris, R.J.: Experiences with a generation III virtual Honeynet. In: Telecommunication Networks and Applications Conference 2009, pp. 1–6. IEEE Press (2009)Google Scholar
  6. 6.
    Kim, H.S., Choi, S.-S., Song, J.: A methodology for multipurpose DNS Sinkhole analyzing double bounce emails. In: Lee, M., Hirose, A., Hou, Z.-G., Kil, R.M. (eds.) ICONIP 2013. LNCS, vol. 8226, pp. 609–616. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-42054-2_76 CrossRefGoogle Scholar
  7. 7.
    Lee, H.-G., Choi, S.-S., Lee, Y.-S., Park, H.-S.: Enhanced Sinkhole system by improving post-processing mechanism. In: Kim, T., Lee, Y., Kang, B.-H., Ślęzak, D. (eds.) FGIT 2010. LNCS, vol. 6485, pp. 469–480. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-17569-5_46 CrossRefGoogle Scholar
  8. 8.
    Choi, S., Kim, S., Park, H.: A fusion framework of IDS alerts and darknet traffic for effective incident monitoring and response. Appl. Math. Inf. Sci. 11, 417–422 (2017)CrossRefGoogle Scholar
  9. 9.
    Song, J., Choi, J.-W., Choi, S.-S.: A malware collection and analysis framework based on darknet traffic. In: Huang, T., Zeng, Z., Li, C., Leung, C.S. (eds.) ICONIP 2012. LNCS, vol. 7664, pp. 624–631. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-34481-7_76 CrossRefGoogle Scholar
  10. 10.
    Choi, S., Song, J., Kim, S., Kim, S.: A model of analyzing cyber threats trend and tracing potential attackers based on darknet traffic. Secur. Commun. Netw. 7, 1612–1621 (2013)Google Scholar
  11. 11.
    Ko, S., Kim, K., Lee, Y., Song, J.: A classification method of darknet traffic for advanced security monitoring and response. In: Loo, C.K., Yap, K.S., Wong, K.W., Beng Jin, A.T., Huang, K. (eds.) ICONIP 2014. LNCS, vol. 8836, pp. 357–364. Springer, Cham (2014). doi: 10.1007/978-3-319-12643-2_44 Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Korea Institute of Science and Technology InformationDaejeonKorea
  2. 2.Korea University of Science and TechnologyDaejeonKorea

Personalised recommendations