Time Zone Analysis on IIJ Network Traffic for Malicious Botnet Activities (Information and Communication System Security)

Abstract

Many recent cyber-attacks are launched by botnets for the purpose of carrying out large-scale attacks such as DDoS, spam email, network scanning, and so on. In many cases, these botnets consist of many bots, or compromised PCs, which have been infected by specific malware. These bots try to propagate themselves to other victims via multiple C&C servers on the Internet, which are controlled by a remote botmaster. This makes it more difficult to identify botnet attacks and harder to trace the source country/IP address of the botmaster. To identify the C&C servers during the malware/bot downloading phase, time zone correlation can be used as a tool to identify the time zone of the C&C servers. In this paper, we do a time zone correlation analysis with the malware downloads of up to 100 honeypots in the IIJ MITF (Internet Initiative Japan - Malware Investigation Task Force) Dataset 2012, comprising over 30 million data records and almost five hundred unique malware names. Based on a GeoIP service, a time zone correlation model has been proposed to determine the correlation coefficient between malware downloads from Japan and other countries. We found a strong correlation between active bot downloads and the time zone of the C&C servers. As a result, our model confirms that malware/bot downloads are synchronized with the time zone (country) of the corresponding C&C servers.

Journal

  • IEICE Technical Report. ICSS, Information and Communication System Security 113(137), 373-380, 2013-07-11

    The Institute of Electronics, Information and Communication Engineers

Codes

  • NII Article ID (NAID)
    110009777992
  • NII Bibliographic ID (NCID)
    AA12405413
  • Text language code
    ENG
  • ISSN
    09135685
  • NDL Article ID
    024746603
  • NDL Call No.
    Z16-940
  • Data source
    NDL