| Presentation | 2011-06-17 A Profiling Method of Attacking Hosts based on Scan Feature Extraction Masashi ETO, Yaichiro TAKAGI, Jungsuk SONG, Daisuke INOUE, Koji NAKAO, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | In order to rapidly response against the network incidents observed in a global network monitoring system, it is important to recognize a specific malware specimen that induced the incident. To satisfy this requirement, this paper proposes a scan profiling method that focuses on the total count, interval, port number of packets incoming from individual attacking hosts so that we can derive the similarities among attacking hosts. Additionally, this paper discusses a method to cluster a number of attacking hosts with employing the scan profiler as a distance function of the clustering. Through some experimentations using practical data observed in our network monitoring system, we try to grasp the trend of malware activities in the Internet. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Network Incident / Malware / Correlation Analysis / Clustering |
| Paper # | IA2011-4,ICSS2011-4 |
| Date of Issue |
| Conference Information | |
| Committee | IA |
|---|---|
| Conference Date | 2011/6/9(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Internet Architecture(IA) |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | A Profiling Method of Attacking Hosts based on Scan Feature Extraction |
| Sub Title (in English) | |
| Keyword(1) | Network Incident |
| Keyword(2) | Malware |
| Keyword(3) | Correlation Analysis |
| Keyword(4) | Clustering |
| 1st Author's Name | Masashi ETO |
| 1st Author's Affiliation | National Institute of Information and Communications Technology() |
| 2nd Author's Name | Yaichiro TAKAGI |
| 2nd Author's Affiliation | National Institute of Information and Communications Technology |
| 3rd Author's Name | Jungsuk SONG |
| 3rd Author's Affiliation | National Institute of Information and Communications Technology |
| 4th Author's Name | Daisuke INOUE |
| 4th Author's Affiliation | National Institute of Information and Communications Technology |
| 5th Author's Name | Koji NAKAO |
| 5th Author's Affiliation | National Institute of Information and Communications Technology |
| Date | 2011-06-17 |
| Paper # | IA2011-4,ICSS2011-4 |
| Volume (vol) | vol.111 |
| Number (no) | 81 |
| Page | pp.pp.- |
| #Pages | 6 |
| Date of Issue | |