nicter:面向绑定网络监控与恶意软件分析的事件分析系统

2008 WOMBAT Workshop on Information Security Threats Data Collection and Sharing Pub Date : 2008-04-21 DOI:10.1109/WISTDCS.2008.14

D. Inoue, M. Eto, K. Yoshioka, S. Baba, K. Suzuki, J. Nakazato, K. Ohtaka, K. Nakao

{"title":"nicter:面向绑定网络监控与恶意软件分析的事件分析系统","authors":"D. Inoue, M. Eto, K. Yoshioka, S. Baba, K. Suzuki, J. Nakazato, K. Ohtaka, K. Nakao","doi":"10.1109/WISTDCS.2008.14","DOIUrl":null,"url":null,"abstract":"We have been developing the Network Incident analysis Center for Tactical Emergency Response (nicter), whose present focus is on detecting and identifying propagating malwares such as worms, viruses, and bots. The nicter presently monitors darknet, a set of unused IP addresses, to observe macroscopic trends of network threats. Meantime, it keeps capturing and analyzing malware executables in the wild for their microscopic analysis. Finally, these macroscopic and microscopic analysis results are correlated in order to identify the root cause of the detected network threats. This paper describes a brief overview of the nicter, and possible contributions to the worldwide observatory of malicious behavior and attack tools (WOMBAT).","PeriodicalId":142886,"journal":{"name":"2008 WOMBAT Workshop on Information Security Threats Data Collection and Sharing","volume":"12 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"53","resultStr":"{\"title\":\"nicter: An Incident Analysis System Toward Binding Network Monitoring with Malware Analysis\",\"authors\":\"D. Inoue, M. Eto, K. Yoshioka, S. Baba, K. Suzuki, J. Nakazato, K. Ohtaka, K. Nakao\",\"doi\":\"10.1109/WISTDCS.2008.14\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We have been developing the Network Incident analysis Center for Tactical Emergency Response (nicter), whose present focus is on detecting and identifying propagating malwares such as worms, viruses, and bots. The nicter presently monitors darknet, a set of unused IP addresses, to observe macroscopic trends of network threats. Meantime, it keeps capturing and analyzing malware executables in the wild for their microscopic analysis. Finally, these macroscopic and microscopic analysis results are correlated in order to identify the root cause of the detected network threats. This paper describes a brief overview of the nicter, and possible contributions to the worldwide observatory of malicious behavior and attack tools (WOMBAT).\",\"PeriodicalId\":142886,\"journal\":{\"name\":\"2008 WOMBAT Workshop on Information Security Threats Data Collection and Sharing\",\"volume\":\"12 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-04-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"53\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 WOMBAT Workshop on Information Security Threats Data Collection and Sharing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/WISTDCS.2008.14\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 WOMBAT Workshop on Information Security Threats Data Collection and Sharing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WISTDCS.2008.14","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 53

摘要

我们一直在开发战术应急响应网络事件分析中心(nicter)，其目前的重点是检测和识别传播恶意软件，如蠕虫、病毒和机器人。该网络目前监控暗网(一组未使用的IP地址)，以观察网络威胁的宏观趋势。同时，它继续捕获和分析恶意软件的可执行文件，以进行微观分析。最后，将这些宏观和微观分析结果进行关联，以确定检测到的网络威胁的根本原因。本文简要介绍了nicter，以及对全球恶意行为和攻击工具(WOMBAT)的可能贡献。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

nicter: An Incident Analysis System Toward Binding Network Monitoring with Malware Analysis

We have been developing the Network Incident analysis Center for Tactical Emergency Response (nicter), whose present focus is on detecting and identifying propagating malwares such as worms, viruses, and bots. The nicter presently monitors darknet, a set of unused IP addresses, to observe macroscopic trends of network threats. Meantime, it keeps capturing and analyzing malware executables in the wild for their microscopic analysis. Finally, these macroscopic and microscopic analysis results are correlated in order to identify the root cause of the detected network threats. This paper describes a brief overview of the nicter, and possible contributions to the worldwide observatory of malicious behavior and attack tools (WOMBAT).

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2008 WOMBAT Workshop on Information Security Threats Data Collection and Sharing

自引率

0.00%

发文量