| Presentation | 2006-10-17 nicter : An Incident Analysis System for the Global Internet using Correlation between Network Monitoring and Malware Analysis Koji NAKAO, Katsunari YOSHIOKA, Masashi ETO, Daisuke INOUE, Kenji RIKITAKE, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | As network security incidents are being more complex and serious, activities of network monitoring, incident analysis and response are becoming increasingly important. In this paper, we propose an incident analysis system called nicter. The nicter monitors wide range of networks by distributed sensors for detecting an incident candidate (IC), such as unseen attacking behaviors or a sudden increase of certain type of traffics, which may indicate the occurrence of incidents. The nicter also keeps collecting malware executables in the wild using various malware capturing techniques and analyzing their internal and external behaviors and characteristics. The macroscopic analysis results from network monitoring and microscopic analysis results from malware analysis are correlated so that the detected ICs are bound with their possible root causes, namely propagations of malwares. We describe the macro-micro correlation with an actual analysis case as well as explaining the role of each analysis method. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | network security / incident analysis system / network monitoring / malware analysis / integrated incident handling and response |
| Paper # | DE2006-123,DC2006-30 |
| Date of Issue |
| Conference Information | |
| Committee | DE |
|---|---|
| Conference Date | 2006/10/10(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Data Engineering (DE) |
|---|---|
| Language | ENG |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | nicter : An Incident Analysis System for the Global Internet using Correlation between Network Monitoring and Malware Analysis |
| Sub Title (in English) | |
| Keyword(1) | network security |
| Keyword(2) | incident analysis system |
| Keyword(3) | network monitoring |
| Keyword(4) | malware analysis |
| Keyword(5) | integrated incident handling and response |
| 1st Author's Name | Koji NAKAO |
| 1st Author's Affiliation | National Institute of Information and Communications Technology() |
| 2nd Author's Name | Katsunari YOSHIOKA |
| 2nd Author's Affiliation | National Institute of Information and Communications Technology |
| 3rd Author's Name | Masashi ETO |
| 3rd Author's Affiliation | National Institute of Information and Communications Technology |
| 4th Author's Name | Daisuke INOUE |
| 4th Author's Affiliation | National Institute of Information and Communications Technology |
| 5th Author's Name | Kenji RIKITAKE |
| 5th Author's Affiliation | National Institute of Information and Communications Technology |
| Date | 2006-10-17 |
| Paper # | DE2006-123,DC2006-30 |
| Volume (vol) | vol.106 |
| Number (no) | 290 |
| Page | pp.pp.- |
| #Pages | 6 |
| Date of Issue | |