Network Traffic Screening Using Frequent Sequential Patterns

  • Hisashi Tsuruta
  • Takayoshi Shoudai
  • Jun’ichi Takeuchi
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 110)


Darknet monitoring is very important for understanding various botnet activities for early detection and defense the threats on the Internet caused by the botnets. However, common illegal accesses by ordinary malware make such detection difficult. To remove such accesses by ordinary malware from the results of network monitoring, we propose a data screening method based on finding frequent sequential patterns that appear in given traffic data. We applied our method to traffic data observed in the darknet and report the results.


Incident detection Frequent pattern mining Sequential pattern Data screening Darknet monitoring 



This research is supported by the National Institute of Information and Communications Technology (NICT) of Japan, entitled “Research and Development for Widespread High-speed Incident Analysis”.


  1. 1.
    Arimura H, Shinohara T, Otsuki S (1994) Finding minimal generalizations for unions of pattern languages and its application to inductive inference from positive data. Proceedings of The 11th Symposium on Theoretical Aspects of Computer Science, Springer, Lecture Notes in Computer Science 775:649–660MathSciNetGoogle Scholar
  2. 2.
    Fukushima Y, Hori Y, Sakurai K (2009) A consideration of feature extraction for attacks on darknet. IEICE technical report, 109(285):37–42, in JapaneseGoogle Scholar
  3. 3.
  4. 4.
    Kim M, Kang H, Hong S, Chung S, Hong JW (2004) A flow-based method for abnormal network traffic detection. Proc IEEE/IFIP Network Oper Manag Sym (1):599–612Google Scholar
  5. 5.
    Miyahara T, Suzuki Y, Shoudai T, Uchida T, Takahashi K, Ueda H (2002) Discovery of frequent tag tree patterns in semistructured web documents. Proceedings of The 5th Pacific-Asia Conference on Knowledge Discovery and Data Mining, Springer, Lecture Notes in Artificial Intelligence, 2336:341–355Google Scholar
  6. 6.
  7. 7.
    SANS Internet Storm Center.
  8. 8.
    Tsuruta H, Shoudai T, Takeuchi J (2011) Frequent sequential pattern discovery for data screening, Lecture notes in engineering and computer science: Proceedings of the international multiConference of engineers and computer scientists, IMECS 2011, 16–18 March, 2011, Hong Kong, pp 315–322Google Scholar
  9. 9.
    Yamasaki H, Sasaki Y, Shoudai T, Uchida T, Suzuki Y (2009) Learning block-preserving graph patterns and its application to data mining. Mach Learn 76(1):137–173CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC 2012

Authors and Affiliations

  • Hisashi Tsuruta
    • 1
  • Takayoshi Shoudai
    • 1
  • Jun’ichi Takeuchi
    • 1
  1. 1.Department of InformaticsKyushu UniversityFukuokaJapan

Personalised recommendations