Abstract
We are experiencing the true dawn of an Internet of Things society, in which all things are connected to the Internet. While this enables us to receive a wide variety of useful services via the Internet, we cannot ignore the fact that the number of devices targeted by Internet attacks has also increased. One known method for handling this issue is a darknet monitoring system, which promptly provides information on attack trends occurring on the Internet. This system monitors and analyzes malicious packets in the unused IP address space and provides security-related information to both network administrators and ordinary users. In this paper, Topological Data Analysis (TDA) Mapper is utilized to analyze, from a new perspective, malicious packets on the darknet, which grow increasingly complex every day. TDA Mapper is a method of TDA that has continued to attract attention in recent years. In an evaluation experiment, TDA was applied to malicious packets monitored on an actual darknet, and the malicious packets could be visualized. In this study, the author considers the overall image of the visualized malicious packets and examples extracted from the relationships among packets, and reports on the effectiveness of the proposed method.
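The abstract names TDA Mapper without showing its steps. The following is an added example, not the paper's code, of the basic Mapper construction (lens, overlapping cover, per-interval clustering, nerve graph) over constructed darknet-style host records. The two features, the lens (hour first seen), the single-linkage clusterer and all parameter values are assumptions chosen for illustration.

```python
from itertools import combinations
from math import dist
# Constructed sample, not real sensor data: (hour first seen, log2 of destination port).
# Seven hosts form a steady low-port scan; three form a short burst on a high port.
HOSTS = [(float(h), 4.5) for h in range(7)] + [(2.0, 12.4), (3.0, 12.5), (4.0, 12.4)]

def single_linkage(points, idx, eps):
    """Group indices whose points chain together within distance eps."""
    clusters, todo = [], set(idx)
    while todo:
        frontier = [todo.pop()]
        members = set(frontier)
        while frontier:
            p = frontier.pop()
            near = {q for q in todo if dist(points[p], points[q]) <= eps}
            todo -= near
            members |= near
            frontier.extend(near)
        clusters.append(frozenset(members))
    return clusters

def mapper(points, lens, n_intervals, overlap, eps):
    """Mapper graph: nodes are clusters, edges join clusters sharing a point."""
    values = [lens(p) for p in points]
    lo, hi = min(values), max(values)
    width = (hi - lo) / n_intervals
    pad = width * overlap            # how far each interval extends into its neighbours
    nodes = []
    for i in range(n_intervals):     # overlapping cover of the lens range
        a, b = lo + i * width - pad, lo + (i + 1) * width + pad
        idx = [k for k, v in enumerate(values) if a <= v <= b]
        nodes.extend(single_linkage(points, idx, eps))  # cluster each preimage
    edges = {(i, j) for i, j in combinations(range(len(nodes)), 2) if nodes[i] & nodes[j]}
    return nodes, edges

def components(n_nodes, edges):
    """Number of connected components in the Mapper graph."""
    parent = list(range(n_nodes))
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    for i, j in edges:
        parent[find(i)] = find(j)
    return len({find(i) for i in range(n_nodes)})

if __name__ == "__main__":
    nodes, edges = mapper(HOSTS, lambda p: p[0], 3, 0.25, 1.5)
    print(len(nodes), len(edges), components(len(nodes), edges))
```

With these constructed inputs the graph splits into two chains, one per group of hosts, which is the kind of structure a Mapper visualization exposes.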
Rights and permissions
This is an open access article distributed under the CC BY-NC 4.0 license (http://creativecommons.org/licenses/by-nc/4.0/).
About this article
Cite this article
Narita, M. An Empirical Study on Darknet Visualization Based on Topological Data Analysis. Int J Netw Distrib Comput 9, 52–58 (2021). https://doi.org/10.2991/ijndc.k.201231.001
DOI: https://doi.org/10.2991/ijndc.k.201231.001