Analysis on the Sequential Behavior of Malware Attacks
Abstract
Overcoming the highly organized and coordinated malware threats posed by botnets on the Internet is becoming increasingly difficult. A honeypot is a powerful tool for observing and catching malware and virulent activity in Internet traffic. Because botnets use systematic attack methods, the sequences of malware downloaded by honeypots exhibit particular coordinated patterns. This paper aims to discover new frequent sequential attack patterns in malware automatically. One problem is the difficulty of identifying particular patterns in full yearlong logs, because the dataset is too large for individual investigation. This paper proposes the use of a data-mining algorithm to overcome this problem. We implement the PrefixSpan algorithm to analyze malware-attack logs and then show some experimental results. Analysis of these results indicates that botnet attacks can be characterized either by the download times or by the source addresses of the bots. Finally, we use entropy analysis to reveal how frequent sequential patterns are involved in coordinated attacks.