Network Traffic Screening Using Frequent Sequential Patterns
Darknet monitoring is very important for understanding various botnet activities, which enables early detection of and defense against the threats on the Internet caused by botnets. However, common illegal accesses by ordinary malware make such detection difficult. To remove these accesses from the results of network monitoring, we propose a data screening method based on finding frequent sequential patterns that appear in given traffic data. We applied our method to traffic data observed in the darknet and report the results.
Keywords: Incident detection, Frequent pattern mining, Sequential pattern, Data screening, Darknet monitoring
This research is supported by the National Institute of Information and Communications Technology (NICT) of Japan, entitled “Research and Development for Widespread High-speed Incident Analysis”.