Detection of Bot Infected PC Using Destination-based IP Address and Domain Name Whitelists
Abstract
Because a bot communicates with its malicious controller over an ordinary or an encrypted channel and updates its code frequently, detecting an infected personal computer (PC) with a signature-based intrusion detection system (IDS) or an antivirus system (AV) is difficult. Because the control and attack packets sent by the bot process are independent of user operation, a behavior monitor is effective at detecting anomalous communication. In this paper, we propose a bot detection technique that checks outbound packets against destination-based whitelists. If any outbound packet sent during a non-operating period (while the user is not operating the PC) does not match the whitelists, the PC is considered to be infected by a bot. The whitelists are sets of legitimate IP addresses (IPs) and/or domain names (DNs). We implement the proposed system as a host-based detector and evaluate its false negative (FN) and false positive (FP) performance.
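The check described in the abstract, as an added illustration rather than the paper's own implementation: outbound packets are tested against an IP whitelist and a DN whitelist, but only those sent while the user is idle count. The whitelist entries, the 300-second idle threshold, the subdomain matching rule, and the sample packets are constructed assumptions.

```python
from bisect import bisect_right
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed whitelists (illustrative values, not the paper's): destination networks
# and domain names the host is allowed to contact while no user is operating it.
IP_WHITELIST = [ip_network("192.0.2.0/24"), ip_network("198.51.100.10/32")]
DN_WHITELIST = {"update.example.com", "ntp.example.org"}

IDLE_THRESHOLD = 300.0  # assumed: seconds without input before the PC counts as non-operating

@dataclass
class OutboundPacket:
    ts: float                       # seconds since the start of the capture
    dst_ip: str
    dst_name: Optional[str] = None  # name the destination was resolved from, if known

def is_whitelisted(pkt: OutboundPacket) -> bool:
    """Destination matches the IP whitelist or the DN whitelist (exact name or a subdomain)."""
    if any(ip_address(pkt.dst_ip) in net for net in IP_WHITELIST):
        return True
    if pkt.dst_name:
        name = pkt.dst_name.lower().rstrip(".")
        return any(name == dn or name.endswith("." + dn) for dn in DN_WHITELIST)
    return False

def is_non_operating(ts: float, input_events: List[float]) -> bool:
    """True when no keyboard/mouse input occurred within IDLE_THRESHOLD seconds before ts."""
    i = bisect_right(input_events, ts)
    return i == 0 or ts - input_events[i - 1] > IDLE_THRESHOLD

def detect(packets: List[OutboundPacket], input_events: List[float]) -> List[OutboundPacket]:
    """Return the packets sent during a non-operating period that match neither whitelist."""
    events = sorted(input_events)
    return [p for p in packets if is_non_operating(p.ts, events) and not is_whitelisted(p)]

# Constructed sample: the user is active from t=0 to t=120 s and idle afterwards.
SAMPLE_INPUT_EVENTS = [0.0, 60.0, 120.0]
SAMPLE_PACKETS = [
    OutboundPacket(30.0, "203.0.113.5"),                            # unlisted, but user operating: not checked
    OutboundPacket(100.0, "192.0.2.8"),                             # whitelisted IP
    OutboundPacket(700.0, "198.51.100.20", "ntp.example.org"),      # idle, whitelisted name
    OutboundPacket(800.0, "198.51.100.30", "a.update.example.com"), # idle, subdomain of a listed DN
    OutboundPacket(900.0, "203.0.113.5"),                           # idle, unlisted IP, no name: flagged
]

if __name__ == "__main__":
    flagged = detect(SAMPLE_PACKETS, SAMPLE_INPUT_EVENTS)
    print("infected" if flagged else "clean", [(p.ts, p.dst_ip) for p in flagged])
```

A real deployment would take the input events from the OS and the packets from a host capture; the FP rate then depends almost entirely on how complete the whitelists are.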
Authors
- Takemori Keisuke, Kddi R & D Laboratories
- Miyake Yutaka, Kddi R & D Labs. Inc.
- Takemori Keisuke, KDDI R&D Laboratories Inc.
- Sakai Takahiro, Graduate School of Science and Technology, Shizuoka University
- Nishigaki Masakatsu, Graduate School of Science and Technology, Shizuoka University
Related papers
- Web Tracking Site Detection Based on Temporal Link Analysis and Automatic Blacklist Generation
- Anomaly Detection on Mobile Phone Based Operational Behavior (Contingency Management/Risk Management)
- Notification of Certificate Revocation Status between Different Domains under a PKI System (Network Services Basics / Object-Oriented Technologies)
- A-7-9 Key Management for Privacy Protection in Sensor Information Network using Threshold Cryptography
- A-7-18 Proposal of Privacy Protection Mechanism for Sensor Information Network
- TCP Gateway for Satellite-based Internet Service Considering Accommodation of Multiple Customers (Special Issue: Next-Generation Mobile Communication Networks and Their Applications)
- Detection of Bot Infected PC Using Destination-based IP Address and Domain Name Whitelists
- Secure Host Name Resolution Infrastructure for Overlay Networks (Networking Technologies for Overlay Networks)
- Service Independent Access Control Architecture for User Generated Content (UGC) and Its Implementation
- Software Protection Combined with Tamper-Proof Device
- IP Traceback Using DNS Logs against Bots
- Anomaly Detection on Mobile Phone Based Operational Behavior
- Fast Implementation of KCipher-2 for Software and Hardware
- Chosen-IV Correlation Power Analysis on KCipher-2 Hardware and a Masking-Based Countermeasure
- FOREWORD
- Securing distributed storage systems based on arbitrary regenerating codes
- BS-7-44 Decodability Attacks in XOR Network Coding