Journal ArticleDOI

Darknet as a Source of Cyber Intelligence: Survey, Taxonomy, and Characterization

TL;DR
A survey on darknet finds that Honeyd is probably the most practical tool to implement darknet sensors, and future deployment of darknet will include mobile-based VOIP technology, and specific darknet areas that require a significantly greater amount of attention from the research community are identified.
Abstract
Today, the Internet security community largely emphasizes cyberspace monitoring for the purpose of generating cyber intelligence. In this paper, we present a survey on darknet. The latter is an effective approach to observe Internet activities and cyber attacks via passive monitoring. We primarily define and characterize darknet and indicate its alternative names. We further list other trap-based monitoring systems and compare them to darknet. Moreover, in order to provide realistic measures and analysis of darknet information, we report case studies, namely, the Conficker worm in 2008 and 2009, the Sality SIP scan botnet in 2011, and the largest amplification attack in 2014. Finally, we provide a taxonomy in relation to darknet technologies and identify research gaps that are related to three main darknet categories: deployment, traffic analysis, and visualization. Darknet projects are found to monitor various cyber threat activities and are distributed in one third of the global Internet. We further identify that Honeyd is probably the most practical tool to implement darknet sensors, and that future deployment of darknet will include mobile-based VoIP technology. In addition, as far as darknet analysis is concerned, computer worms and scanning activities are found to be the most common threats that can be investigated through darknet; Code Red and Slammer/Sapphire are the most analyzed worms. Furthermore, our study uncovers various gaps in darknet research. For instance, less than 1% of the contributions tackled distributed reflection denial of service (DRDoS) amplification investigations, and at most 2% of research works pinpointed spoofing activities. Last but not least, our survey identifies specific darknet areas, such as IPv6 darknet, event monitoring, and game engine visualization methods, that require a significantly greater amount of attention from the research community.
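The abstract names the threat classes that darknet (network telescope) traffic exposes: scanning and worm propagation, backscatter from DoS attacks that spoof source addresses, and reconnaissance for DRDoS amplifiers. The following triage script is an added example, not code from the surveyed paper or from any darknet project; it shows how those classes are separated from a raw per-packet capture using only the fact that no legitimate host lives in the monitored prefix. The darknet prefix (203.0.113.0/24), the packet records, the amplifier port set and the scan threshold are all constructed assumptions for illustration.

```python
"""Triage darknet (network telescope) packets into the threat classes the
survey highlights: horizontal/vertical scans (worm propagation appears as a
horizontal sweep on the exploited port), DoS backscatter from spoofed
sources, and DRDoS amplifier discovery. Added example; constructed data.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed darknet: an unused /24 from the documentation range. Nothing
# legitimate answers here, so every packet that arrives is unsolicited.
DARKNET = ip_network("203.0.113.0/24")

# UDP services commonly abused as amplifiers (DNS, NTP, SSDP, SNMP, chargen).
# A probe to one of these on dark space is amplifier discovery, not service use.
AMPLIFIER_PORTS = {53, 123, 1900, 161, 19}

# Assumed threshold: distinct hosts (or ports) before a source is called a scan.
SCAN_MIN_TARGETS = 8

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits as in the TCP header


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str        # "tcp" | "udp" | "icmp"
    sport: int
    dport: int
    flags: int = 0    # TCP flags; 0 for non-TCP


def classify_source(pkts):
    """Label one source IP from all packets it sent into the darknet."""
    syn_only = [p for p in pkts if p.proto == "tcp"
                and (p.flags & (SYN | ACK | RST)) == SYN]
    # SYN-ACK or RST arriving at hosts that never sent a SYN: the source is a
    # DoS victim whose attacker spoofed our dark addresses (backscatter).
    replies = [p for p in pkts if p.proto == "tcp"
               and ((p.flags & RST) or (p.flags & (SYN | ACK)) == (SYN | ACK))]
    amp_probes = [p for p in pkts if p.proto == "udp" and p.dport in AMPLIFIER_PORTS]

    if replies and len(replies) >= len(pkts) / 2:
        return "dos-backscatter", {"victim": pkts[0].src, "victim_port": replies[0].sport}
    if amp_probes and len(amp_probes) >= len(pkts) / 2:
        return "drdos-amplifier-probe", {"ports": sorted({p.dport for p in amp_probes})}
    hosts = {p.dst for p in syn_only}
    ports = {p.dport for p in syn_only}
    if len(hosts) >= SCAN_MIN_TARGETS and len(ports) == 1:
        return "horizontal-scan", {"port": next(iter(ports)), "hosts": len(hosts)}
    if len(ports) >= SCAN_MIN_TARGETS and len(hosts) == 1:
        return "vertical-scan", {"host": next(iter(hosts)), "ports": len(ports)}
    return "unclassified", {"packets": len(pkts)}


def triage(packets, darknet=DARKNET):
    """Group packets by source and classify each source. Packets not aimed at
    the dark prefix are discarded: they carry no telescope signal."""
    by_src = defaultdict(list)
    for p in packets:
        if ip_address(p.dst) in darknet:
            by_src[p.src].append(p)
    return {src: classify_source(pkts) for src, pkts in by_src.items()}


def sample_packets():
    """Constructed telescope capture (not real data)."""
    pk = []
    # worm-like horizontal sweep of TCP/445 across the dark /24
    pk += [Packet("198.51.100.7", f"203.0.113.{i}", "tcp", 40000 + i, 445, SYN)
           for i in range(1, 21)]
    # vertical scan of a single dark host
    pk += [Packet("198.51.100.9", "203.0.113.5", "tcp", 51000, d, SYN)
           for d in (21, 22, 23, 25, 80, 110, 143, 443, 3389)]
    # SYN-ACK backscatter: a web server being SYN-flooded with spoofed sources
    pk += [Packet("192.0.2.10", f"203.0.113.{i}", "tcp", 80, 1024 + i, SYN | ACK)
           for i in range(30, 60)]
    # NTP amplifier discovery sweep (UDP/123)
    pk += [Packet("198.51.100.33", f"203.0.113.{i}", "udp", 3000, 123)
           for i in range(100, 116)]
    # a lone SYN: too little evidence to label
    pk.append(Packet("198.51.100.50", "203.0.113.200", "tcp", 60000, 22, SYN))
    # traffic to a non-dark address: must be ignored by triage()
    pk.append(Packet("198.51.100.50", "203.0.114.1", "tcp", 60000, 22, SYN))
    return pk


if __name__ == "__main__":
    for src, (label, detail) in sorted(triage(sample_packets()).items()):
        print(f"{src:15} {label:24} {detail}")
```

The backscatter rule is what lets a telescope report on attacks it never sees directly: the victim is the packet's source, and the spoofing that the abstract says fewer than 2% of works examine is inferred from replies to connections the dark space never opened. Thresholds and the majority tests are deliberately simple; a production sensor would add time windows and rate, and would treat ICMP unreachables as a further backscatter signal.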


Citations
Journal ArticleDOI

Demystifying IoT Security: An Exhaustive Survey on IoT Vulnerabilities and a First Empirical Look on Internet-Scale IoT Exploitations

TL;DR: A unique taxonomy is provided, which sheds light on IoT vulnerabilities, their attack vectors, their impact on numerous security objectives, the attacks that exploit such vulnerabilities, the corresponding remediation methodologies, and the currently offered operational cyber security capabilities to infer and monitor such weaknesses.
Journal ArticleDOI

Defense Mechanisms Against DDoS Attacks in a Cloud Computing Environment: State-of-the-Art and Research Challenges

TL;DR: This paper presents a comprehensive taxonomy of all the possible variants of cloud DDoS attack solutions, with detailed insight into the characterization, prevention, detection, and mitigation mechanisms, and a detailed discussion of the essential performance metrics used to evaluate various defense solutions and their behavior in a cloud environment.
Proceedings ArticleDOI

Internet-scale Probing of CPS: Inference, Characterization and Orchestration Analysis.

TL;DR: This paper uniquely exploits passive monitoring and analysis of a newly deployed network telescope IP address space, in a first attempt to build broad notions of real CPS maliciousness, and proposes and empirically evaluates a hybrid approach rooted in time-series analysis and context-triggered piecewise hashing to infer, characterize and cluster orchestrated and well-coordinated probing activities targeting CPS protocols.
Proceedings ArticleDOI

An analysis of the witty outbreak: exploiting underlying structure for detailed reconstruction of an internet-scale event

TL;DR: It is shown that by carefully exploiting the structure of the worm, especially its pseudo-random number generation, this work can, from limited and imperfect telescope data, extract with high fidelity the individual rate at which each infectee injected packets into the network prior to loss.
Journal ArticleDOI

On data-driven curation, learning, and analysis for inferring evolving internet-of-Things (IoT) botnets in the wild

TL;DR: This work aims to classify and infer Internet-scale compromised IoT devices by solely observing one-way network traffic, while also uncovering, reporting and thoroughly analyzing “in the wild” IoT botnets, and makes the source codes of all the developed methods and techniques available to the research community at large.