-
- ROSYID Nur Rohman
- Faculty of Engineering, King Mongkut's Institute of Technology Ladkrabang
-
- OHRUI Masayuki
- School of Science and Technology, Tokai University
-
- KIKUCHI Hiroaki
- School of Science and Technology, Tokai University
-
- SOORAKSA Pitikhate
- Faculty of Engineering, King Mongkut's Institute of Technology Ladkrabang
-
- TERADA Masato
- Hitachi Incident Response Team (HIRT), Hitachi, Ltd.
Abstract
Overcoming the highly organized and coordinated malware threats by botnets on the Internet is becoming increasingly difficult. A honeypot is a powerful tool for observing and catching malware and virulent activity in Internet traffic. Because botnets use systematic attack methods, the sequences of malware downloaded by honeypots have particular forms of coordinated pattern. This paper aims to discover new frequent sequential attack patterns in malware automatically. One problem is the difficulty in identifying particular patterns from full yearlong logs because the dataset is too large for individual investigations. This paper proposes the use of a data-mining algorithm to overcome this problem. We implement the PrefixSpan algorithm to analyze malware-attack logs and then show some experimental results. Analysis of these results indicates that botnet attacks can be characterized either by the download times or by the source addresses of the bots. Finally, we use entropy analysis to reveal how frequent sequential patterns are involved in coordinated attacks.
Journal
-
- IEICE Transactions on Information and Systems
-
IEICE Transactions on Information and Systems E94-D (11), 2139-2149, 2011
The Institute of Electronics, Information and Communication Engineers
Details
-
- CRID
- 1390282679356524416
-
- NII Article ID
- 10030193829
-
- NII Book ID
- AA10826272
-
- BIBCODE
- 2011IEITI..94.2139R
-
- ISSN
- 17451361
- 09168532
-
- Text Language Code
- en
-
- Data Source
-
- JaLC
- Crossref
- CiNii Articles
-
- Abstract License Flag
- Disallowed