Along with the proliferation of Internet of Things (IoT) devices, cyberattacks towards these devices are on the rise. In this paper, we present a study on applying Association Rule Learning to discover the regularities of these attacks from the big stream data collected on a large-scale darknet. By exploring the regularities in IoT-related indicators such as destination ports, type of service, and TCP window sizes, we succeeded in discovering the activities of attacking hosts associated with well-known classes of malware programs. As a case study, we report an interesting observation of the attack campaigns before and after the first source code release of the well-known IoT malware Mirai. The experiments show that the proposed scheme is effective and efficient in early detection and tracking of activities of new malware on the Internet and hence induces a promising approach to automate and accelerate the identification and mitigation of new cyber threats.

中文翻译：

---

使用关联规则学习对Darknet传感器数据进行IoT恶意软件活动的研究

随着物联网（IoT）设备的激增，对这些设备的网络攻击也在增加。在本文中，我们将进行一项应用关联规则学习的研究，以从大规模暗网上收集的大数据流中发现这些攻击的规律性。通过探索与物联网相关的指标（例如目标端口，服务类型和TCP窗口大小）的规律性，我们成功地发现了攻击与知名恶意软件程序类别相关的主机的活动。作为案例研究，我们报告了著名的IoT恶意软件Mirai的第一个源代码发布之前和之后对攻击活动的有趣观察。。实验表明，该方案在早期检测和跟踪Internet上新恶意软件的活动方面是有效且高效的，因此引发了一种有希望的方法来自动化和加速对新网络威胁的识别和缓解。