Analysis of time-series correlations of packet arrivals to Darknet and their size- and location-dependencies

Masayuki Ohta, Shu Sugimoto, Toshiharu Sugawara, Kensuke Fukuda, Toshio Hirotsu, Osamu Akashi

Research output: Contribution to journalArticle

1 Citation (Scopus)

Abstract

In this paper, we show the possibility of predicting the anomalous packets' behaviors to the near active addresses from small observation address space (Darknet) in Internet. We have proposed the distributed cooperative monitoring architecture (DCMA) which probes the anomalous packets that arrive at the distributed unused address segments and detects and defenses anomalous packets' behaviors to the near active addresses. To realize DCMA, it is necessary to investigate the time-series correlation between anomalous packets arriving at small observation address segments and those of near addresses. Thus, we calculated the correlation strength of anomalous packets that scan address segments from the pairs of the sub-observation address segments divided from the Darknet addresses. Furthermore, we observed the correlation strength when changing the sub-observation's size and investigated the size dependency of the correlation strength. As a result, we could indicate the possibility of predicting the anomalous packets' behaviors to the near address segments from small sub-observation addresses. We could also find that the base observation fixed to the specific sub-observation space contributes to the strong correlation coefficient. Therefore, these results imply that DCMA can predict the anomalous packets' behaviors to the near addresses using small observation space.

Original languageEnglish
Pages (from-to)129-139
Number of pages11
JournalComputer Software
Volume28
Issue number2
Publication statusPublished - 2011 Jul 15

    Fingerprint

ASJC Scopus subject areas

  • Software

Cite this