Abstract
Since a darknet is a set of unused IP addresses(i.e., no real hosts are operated with them), we are unable to observe the network traffic on it generally. In many cases, however, attackers or infected hosts by some malwares send their attack codes to the target systems or networks at random. Because of this, the darknet gives us the good opportunity to monitor malicious activities that are happening on the Internet. By analyzing the darknet traffic, it is able to get an insight into recent attack trends, but there is a fatal limitation that most of the darknet traffic have no payload data. This means that we cannot collect the real attack codes from the original darknet traffic. In this paper, we propose a malware collection and analysis framework based on the darknet traffic. With the proposed framework, it is able to get real attack codes in the wild and to respond against potential cyber attacks using them. Our experimental results on the real network environments show the effectiveness of the proposed framework.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Spitzner, L.: Honeypots: Tracking Hackers. Addison-Wesley (2003)
The Honeynet Project: The Honeynet Project, http://www.honeynet.org
Leita, C., Mermoud, K., Dacier, M.: Scriptgen: an automated script generation tool for honeyd. In: Proceedings of the 21st Annual Computer Security Applications Conference (2005)
Song, J., Takakura, H., Okabe, Y.: Cooperation of intelligent honeypots to detect unknown malicious codes. In: WISTDCS 2008, pp. 31–39. IEEE CS Press (2008)
HoneyTrap, http://honeytrap.mwcollect.org/
Bailey, M., Cooke, E., Jahanian, F., Nazario, J., Watson, D.: The Internet Motion Sensor: A distributed blackhole monitoring system. In: Proceedings of the 12th ISOC Symposium on Network and Distributed Systems Security (NDSS), pp. 167–179. Citeseer (2005)
Moore, D., Shannon, C., Voelker, G.M., Savage, S.: Network telescopes. Technical report. CAIDA (April 2004)
Bailey, M., Cooke, E., Jahanian, F., Myrick, A., Sinha, S.: Practical darknet measurement. In: 2006 40th Annual Conference on Information Sciences and Systems, pp. 1496–1501. IEEE (2007)
Nakao, K., Inoue, D., Eto, M., Yoshioka, K.: Practical Correlation Analysis between Scan and Malware Profiles against Zero-Day Attacks Based on Darknet Monitoring. IEICE Transactions on Information and Systems 92(5), 787–798 (2009)
Eto, M., Inoue, D., Song, J., Nakazato, J., Ohtaka, K., Nakao, K.: nicter: A Large-Scale Network Incident Analysis System. In: Workshop on Development of Large Scale Security-Related Data Collection and Analysis Initiatives (BADGERS 2011), Salzburg, Austria, April 10-13, pp. 37–45. ACM (2011)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Song, J., Choi, JW., Choi, SS. (2012). A Malware Collection and Analysis Framework Based on Darknet Traffic. In: Huang, T., Zeng, Z., Li, C., Leung, C.S. (eds) Neural Information Processing. ICONIP 2012. Lecture Notes in Computer Science, vol 7664. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34481-7_76
Download citation
DOI: https://doi.org/10.1007/978-3-642-34481-7_76
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34480-0
Online ISBN: 978-3-642-34481-7
eBook Packages: Computer ScienceComputer Science (R0)