RESEARCH PRODUCT
Deep in the Dark: A Novel Threat Detection System using Darknet Traffic
Authors: Timo Hämäläinen, Harald Vranken, Joost van Dijk, Sanjay Kumar
Subjects: 021110 strategic defence & security studies; Spoofing attack; Computer science; Network telescope; Darknet; ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS; 0211 other engineering and technologies; Botnet; Denial-of-service attack; 02 engineering and technology; Computer security; computer.software_genre; 0202 electrical engineering, electronic engineering, information engineering; 020201 artificial intelligence & image processing; computer
This paper proposes a threat detection system based on machine learning classifiers that are trained on darknet traffic. Traffic destined for a darknet is either malicious or the result of misconfiguration, since no legitimate service listens there. Darknet traffic contains traces of several threats such as DDoS attacks, botnets, spoofing, probes and scanning attacks. We analyse darknet traffic by extracting network traffic features that help in finding patterns of these advanced threats. We collected the darknet traffic from network sensors deployed at SURFnet and extracted several network-based features. In this study, we propose a framework that uses supervised machine learning together with a concept drift detector. Our experimental results show that our classifiers can readily distinguish between benign and malicious traffic and are able to detect known and unknown threats effectively, with an accuracy above 99%.
year | journal | country | edition | language
---|---|---|---|---
2019-12-01 | | | |