Frequent Sequential Attack Patterns of Malware in Botnets
Abstract
More than 90 independent honeypots have observed malware traffic at the Japanese tier-1 backbone. Typical attacks are made by multiple servers coordinating to send many kinds of malware. This paper aims to discover some frequent new sequential patterns of malware attacks. It is not easy to identify particular patterns from year-long logs because the volume of the dataset is too large to investigate one by one. To overcome the problem, this paper proposes a data mining algorithm, the PrefixSpan method. We implement the PrefixSpan algorithm to analyze the malware traffic and show the experimental result. The result of the analysis shows that the sequential patterns of malware attacks tend to change all the time.
- 2010-02-25
Authors
-
Masato Terada
Hitachi, Ltd. Hitachi Incident Response Team (HIRT)
-
Masayuki Ohrui
Tokai University
-
Hiroaki Kikuchi
Tokai University
-
Pitikhate Sooraksa
King Mongkut's Institute of Technology Ladkrabang
Related papers
- Principal Component Analysis of Port-scans for Reduction of Distributed Sensors
- Frequent Sequential Attack Patterns of Malware in Botnets
- Automated Port-scan Classification with Decision Tree and Distributed Sensors
- Estimation of Increase of Scanners Based on ISDAS Distributed Sensors
- Principal Component Analysis of Botnet Takeover
- Perfect Privacy-preserving Automated Trust Negotiation
- Mining Botnet Coordinated Attacks using Apriori-PrefixSpan Hybrid Algorithm (Preprint)