Title: Practical Correlation Analysis Between Scan And Malware Profiles Against Zero-Day Attacks Based On Darknet Monitoring
Abstract: Given the rapid increase in highly organized and sophisticated malware, practical countermeasures against malware, and especially against malware used in zero-day attacks, urgently need to be developed. Several research efforts have already been carried out on the statistical analysis of network events observed by globally deployed network sensors (the so-called macroscopic approach) and on direct malware analysis such as code analysis (the so-called microscopic approach). In current research, however, it remains unclear how the network behaviors obtained from the macroscopic approach can be correlated with the malware behaviors obtained from the microscopic approach. In this paper, on one side, network behaviors observed on a darknet are analyzed to produce scan profiles; on the other side, the behaviors of malware samples captured by honeypots are analyzed to produce a set of profiles describing each sample's characteristics. The inter-relationship between these two types of profiles is then discussed and studied so that frequently observed malware behaviors can be identified in terms of a scan-malware chain.
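As an added, self-contained illustration of the scan-malware correlation the abstract describes (this is not code from the paper or its authors; the profile representation, the scoring weights, the sample names, the IP addresses and all packet data are constructed assumptions for this example), the following Python builds per-source scan profiles from darknet packets, builds malware profiles from sandbox observations, and matches one side against the other. Sources that match no known sample are returned as unexplained, which is the case a practitioner would escalate as a possible unknown scanner.

```python
# Added illustration of scan-profile / malware-profile correlation.
# This is NOT code from the paper or its authors: the profile format
# (a per-source ordered list of distinct destination port/protocol pairs)
# and the similarity score below are assumptions made for this example.
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

Port = Tuple[int, str]  # (destination port, protocol)

# Constructed darknet observations: (src_ip, dst_port, proto).
# A darknet sensor sees only unsolicited traffic, so every packet is a
# probe; only the fields the profile needs are kept.
DARKNET_PACKETS: List[Tuple[str, int, str]] = [
    ("198.51.100.7", 445, "tcp"), ("198.51.100.7", 139, "tcp"),
    ("198.51.100.7", 445, "tcp"), ("198.51.100.7", 135, "tcp"),
    ("203.0.113.9", 1433, "tcp"), ("203.0.113.9", 1434, "udp"),
    ("192.0.2.44", 22, "tcp"),
    ("192.0.2.45", 445, "tcp"),
]

# Constructed sandbox (microscopic) profiles: the ordered list of ports each
# honeypot-captured sample was seen scanning when executed in a sandbox.
MALWARE_PROFILES: Dict[str, List[Port]] = {
    "sample-A": [(445, "tcp"), (139, "tcp"), (135, "tcp")],
    "sample-B": [(1433, "tcp"), (1434, "udp")],
    "sample-C": [(80, "tcp"), (8080, "tcp")],
}


def build_scan_profiles(packets):
    """Macroscopic side: one scan profile per source address.

    The profile keeps the order in which distinct (port, proto) pairs were
    first probed and the total packet count, so both scan order and volume
    can be compared against sandbox behaviour."""
    order: Dict[str, List[Port]] = defaultdict(list)
    counts: Dict[str, int] = defaultdict(int)
    for src, port, proto in packets:
        key = (port, proto)
        if key not in order[src]:
            order[src].append(key)
        counts[src] += 1
    return {src: {"ports": order[src], "packets": counts[src]} for src in order}


def similarity(scan_ports: List[Port], malware_ports: List[Port]) -> float:
    """Assumed score in [0, 1]: 0.7 * Jaccard overlap of the port sets, plus
    0.3 if the darknet scan order is a prefix of the sandbox scan order."""
    a, b = set(scan_ports), set(malware_ports)
    if not a or not b:
        return 0.0
    jaccard = len(a & b) / len(a | b)
    ordered = scan_ports == malware_ports[: len(scan_ports)]
    return round(0.7 * jaccard + (0.3 if ordered else 0.0), 3)


def correlate(scan_profiles, malware_profiles, threshold=0.5):
    """For each darknet source, the best-matching sandbox sample and its
    score, or None when nothing reaches the threshold (an unexplained scan
    that no captured sample accounts for)."""
    matches: Dict[str, Optional[Tuple[str, float]]] = {}
    for src, prof in scan_profiles.items():
        best = max(
            ((name, similarity(prof["ports"], ports))
             for name, ports in malware_profiles.items()),
            key=lambda t: t[1],
        )
        matches[src] = best if best[1] >= threshold else None
    return matches


if __name__ == "__main__":
    profiles = build_scan_profiles(DARKNET_PACKETS)
    for src, match in correlate(profiles, MALWARE_PROFILES).items():
        print(src, profiles[src]["ports"], "->", match)
```

The single-port probe from 192.0.2.45 only weakly matches sample-A (score 0.533), which shows why a threshold matters: short scan sequences are consistent with many samples, and a real deployment would tighten the score with timing, payload and source-distribution features that this constructed example omits.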
Year: 2009
DOI: 10.1587/transinf.E92.D.787
Venue: IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS
Keywords: network monitoring, darknet malware analysis, sandbox, correlation analysis
Field: Static program analysis, Honeypot, Data mining, Detection theory, Computer science, Computer security, Artificial intelligence, Network monitoring, Malware analysis, Sandbox (computer security), Pattern recognition, Darknet, Malware
DocType: Journal
Volume: E92-D
Issue: 5
ISSN: 1745-1361
Citations: 7
PageRank: 0.79
References: 2
Authors: 4

Name                 Order  Citations  PageRank
Koji Nakao           1      194        19.09
Daisuke Inoue        2      7          0.79
Masashi Eto          3      170        16.36
Katsunari Yoshioka   4      147        22.92