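% Conference paper on the DANTE darknet-traffic mining framework (ESORICS 2020).
% Citation key is unchanged so existing \cite commands keep working.
% Changes from the exported record: names are in the unambiguous "Last, First" form,
% field values are brace-delimited, and the Unicode en dash in booktitle is
% written as "--" to match the LaTeX escapes used elsewhere in this entry.
% NOTE(review): month/day (jan, 1) are kept as exported, but the note field gives
% the conference dates as 14-09-2020 through 18-09-2020, so they may be an export
% placeholder -- confirm against the publisher record for the DOI.
% NOTE(review): address holds a country rather than a publisher city -- confirm.
@inproceedings{ffff30f2661a4cd790e5c5b4476c9cb7,
  author    = {Cohen, Dvir and Mirsky, Yisroel and Kamp, Manuel and Martin, Tobias and Elovici, Yuval and Puzis, Rami and Shabtai, Asaf},
  title     = {Dante: A framework for mining and monitoring darknet traffic},
  editor    = {Chen, Liqun and Schneider, Steve and Li, Ninghui and Liang, Kaitai},
  booktitle = {Computer Security -- {ESORICS} 2020 - 25th European Symposium on Research in Computer Security, Proceedings},
  series    = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},
  publisher = {Springer Science and Business Media Deutschland GmbH},
  address   = {Germany},
  pages     = {88--109},
  year      = {2020},
  month     = jan,
  day       = {1},
  doi       = {10.1007/978-3-030-58951-6_5},
  isbn      = {9783030589509},
  language  = {English},
  keywords  = {Blackhole, Darknet, Machine learning, Port embedding},
  note      = {Publisher Copyright: {\textcopyright} Springer Nature Switzerland AG 2020.; 25th European Symposium on Research in Computer Security, ESORICS 2020 ; Conference date: 14-09-2020 Through 18-09-2020},
  abstract  = {Trillions of network packets are sent over the Internet to destinations which do not exist. This {\textquoteleft}darknet{\textquoteright} traffic captures the activity of botnets and other malicious campaigns aiming to discover and compromise devices around the world. In this paper, we present DANTE: a framework and algorithm for mining darknet traffic. DANTE learns the meaning of targeted network ports by applying Word2Vec to observed port sequences. To detect recurring behaviors and new emerging threats, DANTE uses a novel and incremental time-series cluster tracking algorithm on the observed sequences. To evaluate the system, we ran DANTE on a full year of darknet traffic (over three Tera-Bytes) collected by the largest telecommunications provider in Europe, Deutsche Telekom and analyzed the results. DANTE discovered 1,177 new emerging threats and was able to track malicious campaigns over time.},
}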