Article,

INTERNET THREAT LANDSCAPE BY AGGREGATING DECENTRALIZED & RANDOMLY SELECTED TRAFFIC LOGS BASED ON DESTINATION PORTS

IJIRIS: International Journal of Innovative Research in Information Security, Volume VI (Issue VI): 117-128 (November 2019)
DOI: doi://10.26562/IJIRIS.2019.NVIS10080

Abstract

Localization attacks, which detect the IP addresses of the sensors that make up Darknet monitoring systems, are well known. Attackers can detect sensors covertly by sending probing traffic that carries concealed signals to the target network. In response, we have developed countermeasures based on a dynamic monitoring method, in which the sensors reflected in the published monitoring results are switched dynamically. In this study, we consider a case in which the attacker attempts to embed concealed signals across multiple ports within one sensor. We therefore propose a countermeasure that applies dynamic monitoring to each destination port. In this paper, we verify the impact on publishable monitoring results when the proposed method is applied to the nicter Darknet in Japan.
