Naoki Hiroguchi, Khamphao Sisaat, Hiroaki Kikuchi, S. Kittitornkun
{"title":"恶意软件下载的地理可视化异常检测","authors":"Naoki Hiroguchi, Khamphao Sisaat, Hiroaki Kikuchi, S. Kittitornkun","doi":"10.1109/AsiaJCIS.2012.20","DOIUrl":null,"url":null,"abstract":"We study a linkage between attacks in cyberspace and incidents in our real world. For example, the Internet had been closed down in Egypt for preventing protests against President Hosni Mubarak. Meanwhile, for more than two weeks we have observed that no port-scan packet were sent from Egypt to Japan. This motivates us for this study to find any incident between botnet attacks which were involved many vulnerable servers and the real events occurred in the world. For this purpose, we developed the virtualization system on Google Earth service for plotting source IP addresses of botnet communications. We investigated the actual malware downloading events observed by more than 70 distributed honey pots in the Japanese backbone network. In order to automate the detection process, we study some anomaly detection schemes base on the entropy of honey pot activities. Our analysis shows some evidences that botnet attacks are involved in our real world.","PeriodicalId":130870,"journal":{"name":"2012 Seventh Asia Joint Conference on Information Security","volume":"2008 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Geographical Visualization of Malware Download for Anomaly Detection\",\"authors\":\"Naoki Hiroguchi, Khamphao Sisaat, Hiroaki Kikuchi, S. Kittitornkun\",\"doi\":\"10.1109/AsiaJCIS.2012.20\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We study a linkage between attacks in cyberspace and incidents in our real world. For example, the Internet had been closed down in Egypt for preventing protests against President Hosni Mubarak. Meanwhile, for more than two weeks we have observed that no port-scan packet were sent from Egypt to Japan. This motivates us for this study to find any incident between botnet attacks which were involved many vulnerable servers and the real events occurred in the world. For this purpose, we developed the virtualization system on Google Earth service for plotting source IP addresses of botnet communications. We investigated the actual malware downloading events observed by more than 70 distributed honey pots in the Japanese backbone network. In order to automate the detection process, we study some anomaly detection schemes base on the entropy of honey pot activities. Our analysis shows some evidences that botnet attacks are involved in our real world.\",\"PeriodicalId\":130870,\"journal\":{\"name\":\"2012 Seventh Asia Joint Conference on Information Security\",\"volume\":\"2008 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-08-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 Seventh Asia Joint Conference on Information Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/AsiaJCIS.2012.20\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 Seventh Asia Joint Conference on Information Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/AsiaJCIS.2012.20","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Geographical Visualization of Malware Download for Anomaly Detection
We study a linkage between attacks in cyberspace and incidents in our real world. For example, the Internet had been closed down in Egypt for preventing protests against President Hosni Mubarak. Meanwhile, for more than two weeks we have observed that no port-scan packet were sent from Egypt to Japan. This motivates us for this study to find any incident between botnet attacks which were involved many vulnerable servers and the real events occurred in the world. For this purpose, we developed the virtualization system on Google Earth service for plotting source IP addresses of botnet communications. We investigated the actual malware downloading events observed by more than 70 distributed honey pots in the Japanese backbone network. In order to automate the detection process, we study some anomaly detection schemes base on the entropy of honey pot activities. Our analysis shows some evidences that botnet attacks are involved in our real world.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
