Time Zone Analysis on IIJ Network Traffic for Malicious Botnet Activities (Information and Communication System Security)

Abstract

Many recent cyber-attacks are launched by botnets for the purpose of carrying out large-scale attacks such as DDoS, spam email, network scanning, and so on. In many cases, these botnets consist of a large number of bots, or compromised PCs, which have been infected by specific malware. These bots try to propagate themselves to other victims via multiple C&C servers on the Internet, which are controlled by a remote botmaster. This makes it more difficult to identify botnet attacks and harder to trace the source country/IP address of the botmaster. To identify the C&C servers during the malware/bot downloading phase, time zone correlation can be used as a tool to identify the time zone of the C&C servers. In this paper, we perform a time zone correlation analysis on malware downloads at up to 100 honeypots in the IIJ MITF (Internet Initiative Japan - Malware Investigation Task Force) Dataset 2012, comprising over 30 million data records and almost five hundred unique malware names. Based on a GeoIP service, a time zone correlation model is proposed to determine the correlation coefficient between malware downloads from Japan and other countries. We found a strong correlation between active bot downloads and the time zone of the C&C servers. As a result, our model confirms that malware/bot downloads are synchronized with the time zone (country) of the corresponding C&C servers.

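Published in

  • IEICE Technical Report. ICSS, Information and Communication System Security

    IEICE Technical Report. ICSS, Information and Communication System Security 113(137), 373-380, 2013-07-11

    The Institute of Electronics, Information and Communication Engineers (IEICE)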

Codes

  • NII Article ID (NAID)
    110009777992
  • NII Bibliographic ID (NCID)
    AA12405413
  • Text language code
    ENG
  • ISSN
    09135685
  • NDL Article Registration ID
    024746603
  • NDL Call Number
    Z16-940
  • Data source
    NDL  NII-ELS