Time Zone Correlation Analysis of Malware/Bot Downloads
Abstract
A botnet attacks victim hosts via multiple Command and Control (C&C) servers controlled by a botmaster. This makes botnet attacks harder to detect and the botmaster's source country harder to trace, because little data about the attacks is logged. To locate the C&C servers during the malware/bot download phase, we analyzed the source IP addresses of downloads to more than 90 independent honeypots in Japan in the CCC (Cyber Clean Center) dataset 2010, which comprises over 1 million data records and almost 1 thousand malware names. Based on GeoIP services, we propose a Time Zone Correlation model that determines the correlation coefficient between bot downloads from Japan and those from other source countries. We found a strong correlation between active malware/bot downloads and the time zone of the C&C servers. Our model thus confirms that malware/bot downloads are synchronized with the time zone (country) of the corresponding C&C servers, so that the botmaster can possibly be traced.
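The abstract names the method but not its formula, so the following is an added example (not the authors' code or the CCC dataset) of the kind of analysis it describes: download records are converted to the source country's local hour, binned into a 24-hour activity profile, and each country's profile is correlated with the profile of downloads from Japan. The GeoIP service is replaced by a constructed country-to-UTC-offset table, the records are constructed, and Pearson's coefficient is assumed as the correlation measure.

```python
"""Time-zone correlation of download activity by source country (added example)."""
from collections import Counter
from datetime import datetime, timedelta, timezone
import math

# Constructed stand-in for a GeoIP lookup (country code -> UTC offset in hours).
# A real analysis would resolve each download's source IP through a GeoIP service.
COUNTRY_UTC_OFFSET = {"JP": 9, "CN": 8, "US": -5}


def local_hour(ts_utc, country):
    """Hour of day at which a UTC timestamp falls in the source country."""
    return (ts_utc.hour + COUNTRY_UTC_OFFSET[country]) % 24


def hourly_profile(records, country):
    """24-bin histogram of downloads from `country`, indexed by source-local hour."""
    counts = Counter(local_hour(ts, c) for ts, c in records if c == country)
    return [counts.get(h, 0) for h in range(24)]


def pearson(xs, ys):
    """Pearson correlation coefficient; 0.0 when either series is constant."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0
    return cov / math.sqrt(vx * vy)


def time_zone_correlation(records, reference="JP"):
    """Correlate each source country's local-hour profile with the reference's."""
    ref = hourly_profile(records, reference)
    others = sorted({c for _, c in records} - {reference})
    return {c: round(pearson(ref, hourly_profile(records, c)), 3) for c in others}


def _make_records(country, local_hours):
    """Constructed (timestamp_utc, country) records observed at given local hours."""
    base = datetime(2010, 3, 1, tzinfo=timezone.utc)
    off = COUNTRY_UTC_OFFSET[country]
    return [(base + timedelta(hours=(h - off) % 24), country) for h in local_hours]


# Constructed sample: downloads from JP and CN both peak around 02:00-04:00 in
# their own local time, while downloads from US are spread evenly over the day.
SAMPLE_DOWNLOADS = (
    _make_records("JP", [1, 2, 2, 3, 3, 3, 4, 4, 5])
    + _make_records("CN", [1, 2, 2, 3, 3, 3, 4, 4, 5])
    + _make_records("US", list(range(24)))
)

if __name__ == "__main__":
    for country, r in time_zone_correlation(SAMPLE_DOWNLOADS).items():
        print(f"{country}: r = {r:+.3f}")
```

With the constructed sample, CN's profile matches Japan's exactly once both are expressed in local time (r = 1.0), while the flat US profile has no correlation (r = 0.0). A constant profile is caught before the division so a country with uniform or single-hour activity does not raise an error.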
Authors
- Terada Masato (Hitachi Incident Response Team (HIRT), Hitachi, Ltd.)
- Kikuchi Hiroaki (Department of Electrical Engineering, Tokai University)
- FUJIWARA Masashi (Hitachi Incident Response Team (HIRT), Hitachi, Ltd.)
- SISAAT Khamphao (Faculty of Engineering, King Mongkut's Institute of Technology Ladkrabang)
- MATSUO Shunji (Fujitsu, Ltd.)
- KITTITORNKUN Surin (Faculty of Engineering, King Mongkut's Institute of Technology Ladkrabang)
- KITTITORNKUN Surin (Faculty of Engineering, King Mongkut's Institute of Technology)
Related papers
- Oblivious Comparator and Its Application to Secure Auction Protocol (Special Issue: Computer Security Technologies for Protecting Privacy)
- Frequent Sequential Attack Patterns of Malware in Botnets
- Microwave coagulation therapy for hepatocellular carcinoma
- Heparin Reduces Serum Levels of Endothelin-1 and Hepatic Ischemia Reperfusion Injury in Rabbits
- Comparative in vitro activity of carbapenem antibiotics against respiratory pathogens isolated in recent years
- Identification of Mycobacterium avium Complex Isolated in Eastern and Central Japan by Using DNA Probes
- Multi-Round Anonymous Auction Protocols (Special Issue on Internet Technology and Its Applications)
- Enhancement of the Efficacy of Anticancer Drugs with Electroporation : Successful Electrochemotherapy against Gastric Cancer Cell Lines in Vivo and in Vitro
- Enhancing the Effect of Anticancer Drugs against the Colorectal Cancer Cell Line with Electroporation
- Features of DNA Oligonucleosomal Fragmentation in Human Tumor Cell Lines and Its Detection by Flow Cytometry : Utility and Limitations
- Principal Component Analysis of Botnet Takeover
- Attaching of Poly(acrylic acid) to Inorganic Surface and Its Application to Enzyme Immobilization
- Side Chain Dynamics in Poly(ethyl acrylate) Studied by Molecular Dynamics Simulation
- Online Certification Status Verification with a Red-Black Hash Tree (Special Issue: Computer Security Technologies Supporting the Ubiquitous Society)
- Online Certification Status Verification with a Red-Black Hash Tree
- Certificate Revocation Protocol Using k-Ary Hash Tree (Special Issue on Internet Technology)
- Estimation of Increase of Scanners Based on ISDAS Distributed Sensors
- Evaluation of a Classification Method of Web-pages with Decision Tree Algorithm
- FOREWORD
- Evaluation of a Classification Method of Web-pages with Decision Tree Algorithm (SCHOOL OF INFORMATION TECHNOLOGY AND ELECTRONICS)
- Analysis on the Sequential Behavior of Malware Attacks
- Time Zone Correlation Analysis of Malware/Bot Downloads
- Automated Port-scan Classification with Decision Tree and Distributed Sensors
- Development of Remote Control Vehicle via Internet and its Usability in terms of Quality of Service
- Privacy-preserving Collaborative Filtering Using Randomized Response
- Mining Botnet Coordinated Attacks using Apriori-PrefixSpan Hybrid Algorithm
- Time Zone Analysis on IIJ Network Traffic for Malicious Botnet Activities