Verification of the Effectiveness to Monitor Darknet across Multiple Organizations

Katsuya Nishijima; Takao Kondo; Tatsumi Hosokawa; Tomohiro Shigemoto; Nobutaka Kawaguchi; Hiroyuki Hasegawa; Hideyuki Honda; Yasuhito Suzuki; Tadashi Kaji; Osamu Nakamura

doi:10.1109/CANDARW53999.2021.00065

Verification of the Effectiveness to Monitor Darknet across Multiple Organizations

Katsuya Nishijima, Takao Kondo, Tatsumi Hosokawa, Tomohiro Shigemoto, Nobutaka Kawaguchi, Hiroyuki Hasegawa, Hideyuki Honda, Yasuhito Suzuki, Tadashi Kaji, Osamu Nakamura

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Researchers and network operators regularly monitor unused Internet address space called the darknet to understand malicious activities on the Internet such as malware infections, DDoS, and scanning to find vulnerable systems. The purpose of this study is to demonstrate the effectiveness of darknet monitoring across multiple organizations by conducting a detailed similarity analysis. In this paper, we analyze darknet data observed in two organizations in different industries and the first octet subnet range. We compared the results of the similarity analysis between intra-organization and inter-organization calculations by dividing the address space into multiple blocks so that one organization conducts similarity analysis in an intra-organization manner. The results show that the similarity of the source hosts is lower in the inter-organization calculation than in the intra-organization calculation. In addition, we monitor more source hosts in inter-organization. Moreover, this work also reports that the results differ depending on the destination ports/protocols. From the results obtained, we clarified the effectiveness of distributing the monitoring points of the darknet across multiple organizations.

Original language	English
Title of host publication	Proceedings - 2021 9th International Symposium on Computing and Networking Workshops, CANDARW 2021
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	346-351
Number of pages	6
ISBN (Electronic)	9781665428354
DOIs	https://doi.org/10.1109/CANDARW53999.2021.00065
Publication status	Published - 2021
Event	9th International Symposium on Computing and Networking Workshops, CANDARW 2021 - Virtual, Online, Japan Duration: 2021 Nov 23 → 2021 Nov 26

Publication series

Name	Proceedings - 2021 9th International Symposium on Computing and Networking Workshops, CANDARW 2021

Conference

Conference	9th International Symposium on Computing and Networking Workshops, CANDARW 2021
Country/Territory	Japan
City	Virtual, Online
Period	21/11/23 → 21/11/26

Keywords

darknet
darknet placement
similarity analysis

ASJC Scopus subject areas

Artificial Intelligence
Computer Networks and Communications
Information Systems
Software

Access to Document

10.1109/CANDARW53999.2021.00065

Cite this

Nishijima, K., Kondo, T., Hosokawa, T., Shigemoto, T., Kawaguchi, N., Hasegawa, H., Honda, H., Suzuki, Y., Kaji, T., & Nakamura, O. (2021). Verification of the Effectiveness to Monitor Darknet across Multiple Organizations. In Proceedings - 2021 9th International Symposium on Computing and Networking Workshops, CANDARW 2021 (pp. 346-351). (Proceedings - 2021 9th International Symposium on Computing and Networking Workshops, CANDARW 2021). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CANDARW53999.2021.00065

Verification of the Effectiveness to Monitor Darknet across Multiple Organizations. / Nishijima, Katsuya; Kondo, Takao; Hosokawa, Tatsumi et al.

Proceedings - 2021 9th International Symposium on Computing and Networking Workshops, CANDARW 2021. Institute of Electrical and Electronics Engineers Inc., 2021. p. 346-351 (Proceedings - 2021 9th International Symposium on Computing and Networking Workshops, CANDARW 2021).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Nishijima, K, Kondo, T, Hosokawa, T, Shigemoto, T, Kawaguchi, N, Hasegawa, H, Honda, H, Suzuki, Y, Kaji, T & Nakamura, O 2021, Verification of the Effectiveness to Monitor Darknet across Multiple Organizations. in Proceedings - 2021 9th International Symposium on Computing and Networking Workshops, CANDARW 2021. Proceedings - 2021 9th International Symposium on Computing and Networking Workshops, CANDARW 2021, Institute of Electrical and Electronics Engineers Inc., pp. 346-351, 9th International Symposium on Computing and Networking Workshops, CANDARW 2021, Virtual, Online, Japan, 21/11/23. https://doi.org/10.1109/CANDARW53999.2021.00065

Nishijima K, Kondo T, Hosokawa T, Shigemoto T, Kawaguchi N, Hasegawa H et al. Verification of the Effectiveness to Monitor Darknet across Multiple Organizations. In Proceedings - 2021 9th International Symposium on Computing and Networking Workshops, CANDARW 2021. Institute of Electrical and Electronics Engineers Inc. 2021. p. 346-351. (Proceedings - 2021 9th International Symposium on Computing and Networking Workshops, CANDARW 2021). doi: 10.1109/CANDARW53999.2021.00065

Nishijima, Katsuya ; Kondo, Takao ; Hosokawa, Tatsumi et al. / Verification of the Effectiveness to Monitor Darknet across Multiple Organizations. Proceedings - 2021 9th International Symposium on Computing and Networking Workshops, CANDARW 2021. Institute of Electrical and Electronics Engineers Inc., 2021. pp. 346-351 (Proceedings - 2021 9th International Symposium on Computing and Networking Workshops, CANDARW 2021).

@inproceedings{77cc42187f2a4b3b862383a211ad55b0,

title = "Verification of the Effectiveness to Monitor Darknet across Multiple Organizations",

abstract = "Researchers and network operators regularly monitor unused Internet address space called the darknet to understand malicious activities on the Internet such as malware infections, DDoS, and scanning to find vulnerable systems. The purpose of this study is to demonstrate the effectiveness of darknet monitoring across multiple organizations by conducting a detailed similarity analysis. In this paper, we analyze darknet data observed in two organizations in different industries and the first octet subnet range. We compared the results of the similarity analysis between intra-organization and inter-organization calculations by dividing the address space into multiple blocks so that one organization conducts similarity analysis in an intra-organization manner. The results show that the similarity of the source hosts is lower in the inter-organization calculation than in the intra-organization calculation. In addition, we monitor more source hosts in inter-organization. Moreover, this work also reports that the results differ depending on the destination ports/protocols. From the results obtained, we clarified the effectiveness of distributing the monitoring points of the darknet across multiple organizations. ",

keywords = "darknet, darknet placement, similarity analysis",

author = "Katsuya Nishijima and Takao Kondo and Tatsumi Hosokawa and Tomohiro Shigemoto and Nobutaka Kawaguchi and Hiroyuki Hasegawa and Hideyuki Honda and Yasuhito Suzuki and Tadashi Kaji and Osamu Nakamura",

note = "Publisher Copyright: {\textcopyright} 2021 IEEE.; 9th International Symposium on Computing and Networking Workshops, CANDARW 2021 ; Conference date: 23-11-2021 Through 26-11-2021",

year = "2021",

doi = "10.1109/CANDARW53999.2021.00065",

language = "English",

series = "Proceedings - 2021 9th International Symposium on Computing and Networking Workshops, CANDARW 2021",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "346--351",

booktitle = "Proceedings - 2021 9th International Symposium on Computing and Networking Workshops, CANDARW 2021",

}

TY - GEN

T1 - Verification of the Effectiveness to Monitor Darknet across Multiple Organizations

AU - Nishijima, Katsuya

AU - Kondo, Takao

AU - Hosokawa, Tatsumi

AU - Shigemoto, Tomohiro

AU - Kawaguchi, Nobutaka

AU - Hasegawa, Hiroyuki

AU - Honda, Hideyuki

AU - Suzuki, Yasuhito

AU - Kaji, Tadashi

AU - Nakamura, Osamu

PY - 2021

Y1 - 2021

N2 - Researchers and network operators regularly monitor unused Internet address space called the darknet to understand malicious activities on the Internet such as malware infections, DDoS, and scanning to find vulnerable systems. The purpose of this study is to demonstrate the effectiveness of darknet monitoring across multiple organizations by conducting a detailed similarity analysis. In this paper, we analyze darknet data observed in two organizations in different industries and the first octet subnet range. We compared the results of the similarity analysis between intra-organization and inter-organization calculations by dividing the address space into multiple blocks so that one organization conducts similarity analysis in an intra-organization manner. The results show that the similarity of the source hosts is lower in the inter-organization calculation than in the intra-organization calculation. In addition, we monitor more source hosts in inter-organization. Moreover, this work also reports that the results differ depending on the destination ports/protocols. From the results obtained, we clarified the effectiveness of distributing the monitoring points of the darknet across multiple organizations.

AB - Researchers and network operators regularly monitor unused Internet address space called the darknet to understand malicious activities on the Internet such as malware infections, DDoS, and scanning to find vulnerable systems. The purpose of this study is to demonstrate the effectiveness of darknet monitoring across multiple organizations by conducting a detailed similarity analysis. In this paper, we analyze darknet data observed in two organizations in different industries and the first octet subnet range. We compared the results of the similarity analysis between intra-organization and inter-organization calculations by dividing the address space into multiple blocks so that one organization conducts similarity analysis in an intra-organization manner. The results show that the similarity of the source hosts is lower in the inter-organization calculation than in the intra-organization calculation. In addition, we monitor more source hosts in inter-organization. Moreover, this work also reports that the results differ depending on the destination ports/protocols. From the results obtained, we clarified the effectiveness of distributing the monitoring points of the darknet across multiple organizations.

KW - darknet

KW - darknet placement

KW - similarity analysis

UR - http://www.scopus.com/inward/record.url?scp=85124130870&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85124130870&partnerID=8YFLogxK

U2 - 10.1109/CANDARW53999.2021.00065

DO - 10.1109/CANDARW53999.2021.00065

M3 - Conference contribution

AN - SCOPUS:85124130870

T3 - Proceedings - 2021 9th International Symposium on Computing and Networking Workshops, CANDARW 2021

SP - 346

EP - 351

BT - Proceedings - 2021 9th International Symposium on Computing and Networking Workshops, CANDARW 2021

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 9th International Symposium on Computing and Networking Workshops, CANDARW 2021

Y2 - 23 November 2021 through 26 November 2021

ER -

Verification of the Effectiveness to Monitor Darknet across Multiple Organizations

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this