Abstract
<p>The darknet monitoring system consists of network sensors widely deployed on the Internet to capture incoming unsolicited packets. A goal of this system is to analyse captured malicious packets and provide effective information to protect regular nonmalicious Internet users from malicious activities. To provide effective and reliable information, the location of sensors must be concealed. However, attackers launch localisation attacks to detect sensors in order to evade them. If the actual location of sensors is revealed, it is almost impossible to identify the latest tactics used by attackers. Thus, in a previous study, we proposed a packet sampling method, which samples incoming packets based on an attribute of the packet sender, to increase tolerance to a localisation attack and maintain the quality of information publicised by the system. We were successful in countering localisation attacks, which generate spikes on the publicised graph to detect a sensor. However, in some cases, with the previously proposed sampling method, spikes were clearly evident on the graph. Therefore, in this paper, we propose advanced sampling methods such that incoming packets are sampled based on multiple attributes of the packet sender. We present our improved methods and show promising evaluation results obtained via a simulation.</p>
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: Indonesian Journal of Electrical Engineering and Computer Science
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
