查看文章

Most packets arriving in the darknet (or network telescope), which is unused IP address space on the Internet, are related to indiscriminate scanning and attack activities. In recent years, the number of indiscriminate scanning attacks observed on the darknet has increased in diversity and quantity. In our earlier study, we proposed a framework called Dark-TRACER that detects anomalies in spatiotemporal pattern synchronization by using darknet data, with the aim being early detection of malware-caused indiscriminate scanning attacks. Although Dark-TRACER has achieved an average of 126.4 days earlier threat detection, we have not been able to determine whether there is a relationship between the early detections and the actual threats. Hence, in this paper, we perform a cross-checking analysis to identify if any information links the detections and the actual threats. As a result, we confirmed the validity of our …