A malware collection and analysis framework based on darknet traffic

Authors: Jungsuk Song, Jang-Won Choi, Sang-Soo Choi

DOI: 10.1007/978-3-642-34481-7_76

Keywords:

Abstract: Since a darknet is a set of unused IP addresses (i.e., no real hosts are operated with them), we are unable to observe the network traffic on it generally. In many cases, however, attackers or hosts infected by some malwares send their attack codes to target systems or networks at random. Because of this, a darknet gives us a good opportunity to monitor malicious activities that are happening on the Internet. By analyzing darknet traffic, we are able to get an insight into recent trends, but there is a fatal limitation that most of the traffic has no payload data. This means that we cannot collect malwares from the original darknet traffic. In this paper, we propose a malware collection and analysis framework based on darknet traffic. With the proposed framework, we are able to collect malwares in the wild and to respond against potential cyber attacks using them. Our experimental results in real environments show the effectiveness of the proposed framework.

References (8)
David Moore, Colleen Shannon, Geoffrey M Voelker, Stefan Savage, Network Telescopes: Technical Report, (2004)
L. Spitzner, Honeypots: Tracking Hackers, (2002)
Michael Bailey, Evan Cooke, Farnam Jahanian, Jose Nazario, David Watson, The Internet Motion Sensor - A Distributed Blackhole Monitoring System. Network and Distributed System Security Symposium, (2005)
Koji Nakao, Daisuke Inoue, Masashi Eto, Katsunari Yoshioka, Practical Correlation Analysis between Scan and Malware Profiles against Zero-Day Attacks Based on Darknet Monitoring. IEICE Transactions on Information and Systems, vol. 92, pp. 787-798, (2009), 10.1587/TRANSINF.E92.D.787
Masashi Eto, Daisuke Inoue, Jungsuk Song, Junji Nakazato, Kazuhiro Ohtaka, Koji Nakao, nicter: a large-scale network incident analysis system: case studies for understanding threat landscape. European Conference on Computer Systems, pp. 37-45, (2011), 10.1145/1978672.1978677
Jungsuk Song, Hiroki Takakura, Yasuo Okabe, Cooperation of Intelligent Honeypots to Detect Unknown Malicious Codes. 2008 WOMBAT Workshop on Information Security Threats Data Collection and Sharing, pp. 31-39, (2008), 10.1109/WISTDCS.2008.10
C. Leita, K. Mermoud, M. Dacier, ScriptGen: an automated script generation tool for Honeyd. Annual Computer Security Applications Conference, pp. 203-214, (2005), 10.1109/CSAC.2005.49
Michael Bailey, Evan Cooke, Farnam Jahanian, Andrew Myrick, Sushant Sinha, Practical Darknet Measurement. Conference on Information Sciences and Systems, pp. 1496-1501, (2006), 10.1109/CISS.2006.286376