Hyuga Kobayashi, Zhiqing Zhang, H. Ochiai, H. Esaki
Proceedings of the 14th International Conference on Future Internet Technologies, published 2019-08-07. DOI: 10.1145/3341188.3341190 (https://doi.org/10.1145/3341188.3341190)
Probing Firewalls of Malware-Infected Networks with Honeypot
Today, regardless of firewalls deployed at the gateway of local area networks (LANs), the hosts inside the LAN frequently get infected by malware. A firewall should be the basic protection scheme, but the effectiveness of firewalls has recently been questioned. We propose a federation scheme of Firewall Probe and Honeypot for investigating the firewall type of malware-infected networks. By using a honeypot to capture network scans made on the Internet, we can find the malicious source, and we deploy our firewall probe targeting the source and categorize the network type into Type A (safe) ... Type E (alert). We investigated firewalls remotely in this way for both randomly selected networks worldwide and malware-infected networks. The experimental results indicate that about 91.9% of malware-infected networks do not have even basic firewalls, but the rest of the networks, 8.1%, were well protected regarding their firewall. Even those well-protected networks certainly performed malicious Internet scanning from behind their firewalls.