2008 WOMBAT Workshop on Information Security Threats Data Collection and Sharing: Latest Publications

nicter: An Incident Analysis System Toward Binding Network Monitoring with Malware Analysis
D. Inoue, M. Eto, K. Yoshioka, S. Baba, K. Suzuki, J. Nakazato, K. Ohtaka, K. Nakao
DOI: https://doi.org/10.1109/WISTDCS.2008.14
Published: 2008-04-21
Abstract: We have been developing the Network Incident analysis Center for Tactical Emergency Response (nicter), whose present focus is on detecting and identifying propagating malwares such as worms, viruses, and bots. The nicter presently monitors darknet, a set of unused IP addresses, to observe macroscopic trends of network threats. Meantime, it keeps capturing and analyzing malware executables in the wild for their microscopic analysis. Finally, these macroscopic and microscopic analysis results are correlated in order to identify the root cause of the detected network threats. This paper describes a brief overview of the nicter, and possible contributions to the worldwide observatory of malicious behavior and attack tools (WOMBAT).
Citations: 53
Cooperation of Intelligent Honeypots to Detect Unknown Malicious Codes
Jungsuk Song, H. Takakura, Y. Okabe
DOI: https://doi.org/10.1109/WISTDCS.2008.10
Published: 2008-04-21
Abstract: Honeypot is one of the most popular tools to decoy attackers into our network, and to capture lots of information about the activity of malicious attackers. By tracing and analyzing collected traffic data, we can find out unknown malicious codes under an experimental stage before some codes become hazardous to an application. Although many honeypots have been proposed, there is a common problem that they can be detected easily by malicious attackers. This is very important in success or failure of honeypots because if once an attacker notices that he/she is working on a honeypot, we can no longer observe his/her malicious activities. In this paper, we propose two types of honeypot to collect unforeseen exploit codes automatically while maintaining their concealment against malicious attackers; cooperation based active honeypot and self-protection type honeypot. We have evaluated the proposed honeypots which are deployed in Kyoto University, and showed that they have capability to collect some unknown malicious codes.
Citations: 38
The Leurre.com Project: Collecting Internet Threats Information Using a Worldwide Distributed Honeynet
Corrado Leita, V. Pham, Olivier Thonnard, E. S. Ramírez, F. Pouget, E. Kirda, M. Dacier
DOI: https://doi.org/10.1109/WISTDCS.2008.8
Published: 2008-04-21
Abstract: This paper aims at presenting in some depth the Leurre.com project and its data collection infrastructure. Launched in 2003 by the Institut Eurecom, this project is based on a worldwide distributed system of honeypots running in more than 30 different countries. The main objective of the project is to get a more realistic picture of certain classes of threats happening on the Internet, by collecting unbiased quantitative data in a long-term perspective. In the first phase of the project, the data collection infrastructure relied solely on low-interaction sensors based on Honeyd to collect unsolicited traffic on the Internet. Recently, a second phase of the project was started with the deployment of medium-interaction honeypots based on the ScriptGen technology, in order to enrich the network conversations with the attackers. All network traces captured on the platforms are automatically uploaded into a centralized database accessible by the partners via a convenient interface. The collected traffic is also enriched with a set of contextual information (e.g. geographical localization and reverse DNS lookups). This paper presents this complex data collection infrastructure, and offers some insight into the structure of the central data repository. The data access interface has been developed to facilitate the analysis of today's Internet threats, for example by means of data mining tools. Some concrete examples are presented to illustrate the richness and the power of this data access interface. By doing so, we hope to encourage other researchers to share with us their knowledge and data sets, to complement or enhance our ongoing analysis efforts, with the ultimate goal of better understanding Internet threats.
Citations: 46
Techcrafters and Makecrafters: A Comparison of Two Populations of Hackers
T. Holt, M. Kilger
DOI: https://doi.org/10.1109/WISTDCS.2008.9
Published: 2008-04-21
Abstract: The frequency and sophistication of computer attacks have increased in the last decade as have reports concerning the involvement of organized crime and state sponsored groups in hack attacks. Information security research has improved our understanding of the attack methods used to compromise systems, though there is a need to consider the attitudes, ethics, and social behaviors of computer attackers. Such information can improve our knowledge of the sources of attacks, and increase our capability to profile the individuals responsible for these attacks. This study will explore the attitudinal and behavior differences in the hacker community using two samples of respondents collected from hacker conferences and a university information security course. A new framework for considering computer attackers is also proposed to reflect changes in the general dynamics of hacking and technology.
Citations: 38
The Honeynet Project: Data Collection Tools, Infrastructure, Archives and Analysis
David Watson, Jamie Riden
DOI: https://doi.org/10.1109/WISTDCS.2008.11
Published: 2008-04-21
Abstract: We briefly introduce the Honeynet Project, describe the honeynet data collection tools and techniques currently in use by its members, review the types of data collected and research published, and present some current and proposed infrastructures for capturing and sharing honeypot-derived network attack data.
Citations: 46
Honey@home: A New Approach to Large-Scale Threat Monitoring
S. Antonatos, M. Athanatos, G. Kondaxis, J. Velegrakis, N. Hatzibodozis, S. Ioannidis, E. Markatos
DOI: https://doi.org/10.1145/1314389.1314398
Published: 2007-11-02
Abstract: Honeypots have been proven to be very useful for accurately detecting attacks, including zero-day threats, at a reasonable cost and with zero false positives. However, there are two pressing problems with existing approaches. The first problem is that timely detection requires deployment of honeypots in a large fraction of the network address space, which many organizations or ISPs cannot afford. The second problem is that attackers are evolving, and it has been shown that it is not difficult for them to identify honeypots and develop blacklists to avoid them when launching a new attack. In response to these problems, we propose a new architecture that enables large-scale deployment at low cost, while making it harder for attackers to maintain accurate blacklists. The Honey@home architecture relies on communities of regular users installing a lightweight honeypot that monitors unused IP addresses and ports. Since it does not require the static allocation of valuable chunks of network address space, and considering the success of other community-based approaches such as seti@home and folding@home, our approach is well-suited for creating a large-scale honeypot infrastructure at low cost. Since participation in the system is dynamic as users come and go, it becomes harder for attackers to maintain accurate blacklists. In this paper we discuss the current design of the Honey@home architecture, a preliminary implementation and describe the design issues that we faced especially with respect to infrastructure robustness, the challenges we have to deal with and the effectiveness of our approach.
Citations: 34