Abstract
We address the problem of detecting malicious communications in environments where IP-based reputation is costly to maintain and fragile under adversarial churn. We propose a transaction-centric representation that groups related log events into sessions using standard maxspan and maxpause constraints, and we extract three interpretable features per transaction: event count, duration, and concurrency. Embedding transactions in this three-dimensional (3D) space yields geometry that is both human-interpretable and amenable to lightweight outlier detection; in practice, suspicious behaviors manifest as stable high-density departures across inbound/outbound traffic and parameter regimes. The approach is payload-agnostic (robust to encryption), reduces dependence on external threat intelligence, and lowers downstream learning complexity by working in a low-dimensional, well-separated feature space. We deploy the method on SINET, a large Japanese academic backbone with dynamic addressing and heavy international connectivity, and we demonstrate that (i) transaction geometry reveals characteristic differences between maxspan- and maxpause-driven sessionization, (ii) outlier regions identified in the 3D space align with operator-validated anomalies across directions of flow, and (iii) simple density/thresholding schemes operating on these features provide an effective screening layer that complements conventional reputation pipelines. Collectively, our results indicate that transaction-based modeling offers a practical, computationally economical alternative for first-line malicious-communication detection in high-throughput research networks.
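As an added illustration (not the paper's code), the following Python sessionizes a constructed event log with maxspan/maxpause constraints, extracts the three per-transaction features, and applies a z-score norm threshold as a stand-in for the paper's density/thresholding step. The concurrency definition (number of overlapping transactions from the same source host) and the thresholds are assumptions, not taken from the paper.

```python
from itertools import groupby
from statistics import mean, pstdev

# Constructed sample events: (t_seconds, src_host, dst_host). Not real data.
EVENTS = [
    (0, "h1", "s1"), (2, "h1", "s1"), (4, "h1", "s1"),                  # short burst
    (100, "h2", "s2"), (130, "h2", "s2"), (160, "h2", "s2"), (250, "h2", "s2"),
    (100, "h2", "s3"), (105, "h2", "s3"),                               # overlaps h2/s2
] + [(1000 + 2 * i, "h3", "s9") for i in range(40)]                     # long periodic run


def sessionize(events, maxspan, maxpause):
    """Group events per (src, dst) into transactions. A new transaction starts when
    the gap since the previous event exceeds maxpause (maxpause-driven split) or the
    time since the transaction's first event exceeds maxspan (maxspan-driven split)."""
    txns = []
    keyed = sorted(events, key=lambda e: (e[1], e[2], e[0]))
    for (src, dst), grp in groupby(keyed, key=lambda e: (e[1], e[2])):
        cur = []
        for t, _, _ in grp:
            if cur and (t - cur[-1] > maxpause or t - cur[0] > maxspan):
                txns.append((src, dst, cur))
                cur = []
            cur.append(t)
        txns.append((src, dst, cur))
    return txns


def features(txns):
    """Return (event count, duration, concurrency) per transaction. Concurrency is
    assumed here to be the number of other transactions from the same source host
    whose time windows overlap this one (the paper does not define it this way)."""
    out = []
    for src, _, ts in txns:
        start, end = ts[0], ts[-1]
        conc = sum(1 for s2, _, ts2 in txns
                   if s2 == src and ts2 is not ts and ts2[0] <= end and ts2[-1] >= start)
        out.append((len(ts), end - start, conc))
    return out


def outliers(feats, k=2.5):
    """Simple thresholding in the 3D feature space: z-score each axis (population
    std, floored at 1.0) and flag points whose z-vector norm exceeds k."""
    cols = list(zip(*feats))
    mu, sd = [mean(c) for c in cols], [pstdev(c) or 1.0 for c in cols]
    return [i for i, f in enumerate(feats)
            if sum(((v - m) / s) ** 2 for v, m, s in zip(f, mu, sd)) ** 0.5 > k]
```

With maxspan=60 and maxpause=40 the h2/s2 stream splits on a pause, the h3/s9 run splits on span, and only the long periodic run is flagged.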