Analysis of time-series correlations of packet arrivals to Darknet and their size- and location-dependencies

Masayuki Ohta, Shu Sugimoto, Toshiharu Sugawara, Kensuke Fukuda, Toshio Hirotsu, Osamu Akashi

    Research output: Contribution to journal › Article

    1 Citation (Scopus)

    Abstract

    In this paper, we show the possibility of predicting the behavior of anomalous packets toward nearby active addresses from a small observation address space (Darknet) on the Internet. We have proposed the distributed cooperative monitoring architecture (DCMA), which probes the anomalous packets that arrive at distributed unused address segments and detects and defends against the behavior of anomalous packets toward nearby active addresses. To realize DCMA, it is necessary to investigate the time-series correlation between anomalous packets arriving at small observation address segments and those arriving at nearby addresses. Thus, we calculated the correlation strength of anomalous packets that scan address segments, using pairs of sub-observation address segments obtained by dividing the Darknet addresses. Furthermore, we observed the correlation strength while changing the size of the sub-observation segments and investigated the size dependency of the correlation strength. As a result, we could indicate the possibility of predicting the behavior of anomalous packets toward nearby address segments from small sub-observation addresses. We also found that fixing the base observation to a specific sub-observation space contributes to a strong correlation coefficient. These results therefore imply that DCMA can predict the behavior of anomalous packets toward nearby addresses using a small observation space.

    Original language: English
    Pages (from-to): 129-139
    Number of pages: 11
    Journal: Computer Software
    Volume: 28
    Issue number: 2
    Publication status: Published - 2011

    Fingerprint

    Time series
    Monitoring
    Internet

    ASJC Scopus subject areas

    • Software

    Cite this

    Analysis of time-series correlations of packet arrivals to Darknet and their size- and location-dependencies. / Ohta, Masayuki; Sugimoto, Shu; Sugawara, Toshiharu; Fukuda, Kensuke; Hirotsu, Toshio; Akashi, Osamu.

    In: Computer Software, Vol. 28, No. 2, 2011, p. 129-139.

    @article{f91d84e7c22349668f445b7455008dcd,
    title = "Analysis of time-series correlations of packet arrivals to Darknet and their size- and location-dependencies",
    author = "Masayuki Ohta and Shu Sugimoto and Toshiharu Sugawara and Kensuke Fukuda and Toshio Hirotsu and Osamu Akashi",
    year = "2011",
    language = "English",
    volume = "28",
    pages = "129--139",
    journal = "Computer Software",
    issn = "0289-6540",
    publisher = "Japan Society for Software Science and Technology",
    number = "2",

    }
