| 講演名 | 2013-07-19 Time Zone Analysis on IIJ Network Traffic for Malicious Botnet Activities , |
|---|---|
| PDFダウンロードページ |  PDFダウンロードページへ |
| 抄録(和) | |
| 抄録(英) | Many of recent cyber-attacks are being lunched by botnets for the purpose of carrying out large scale cyber-attacks such as DDoS, spam email, network scanning, and so on. In many cases, these botnets consist of a lot of bots or compromised PCs, which have been infected by specific malware. These bots try to propagate themselves into other victim via the multiple C&C servers in the Internet, which are controlled by a remote botmaster. This makes it more difficult to identify botnet attacks and harder to trace the source country/IP address of the botmaster. To identify the C&C servers during malware/bot downloading phase, time zone correlation can be used as a tool to identify the time zone of the C&C servers. In this paper, we do a time zone correlation analysis with the malware download up to 100 honeypots in the IIJ MITF (Internet Ini-tiative Japan - Malware Investigation Task Force) Dataset 2012 comprising over 30 million data records and almost 5 hundreds unique malware names. Baesd on GeoIP service, a time zone correlation model has been proposed to determine the correlation coefficient between malware dwnloads from Japan and other countries. We found a strong correlation between ac-tive bot downloads and time zone of the C&C servers. As a result, our model confirmts that malware/bot downloads are synchronized with time zone (country) of the corresponding C&C servers. |
| キーワード(和) | |
| キーワード(英) | Malware / Botnet / honeypot / IIJ Dataset / CCC Dataset / Correlation Analysis |
| 資料番号 | ISEC2013-47,SITE2013-42,ICSS2013-52,EMM2013-49 |
| 発行日 |
| 研究会情報 | |
| 研究会 | ICSS |
|---|---|
| 開催期間 | 2013/7/11(から1日開催) |
| 開催地(和) | |
| 開催地(英) | |
| テーマ(和) | |
| テーマ(英) | |
| 委員長氏名(和) | |
| 委員長氏名(英) | |
| 副委員長氏名(和) | |
| 副委員長氏名(英) | |
| 幹事氏名(和) | |
| 幹事氏名(英) | |
| 幹事補佐氏名(和) | |
| 幹事補佐氏名(英) | |
| 講演論文情報詳細 | |
| 申込み研究会 | Information and Communication System Security (ICSS) |
|---|---|
| 本文の言語 | ENG |
| タイトル(和) | |
| サブタイトル(和) | |
| タイトル(英) | Time Zone Analysis on IIJ Network Traffic for Malicious Botnet Activities |
| サブタイトル(和) | |
| キーワード(1)(和/英) | / Malware |
| 第 1 著者 氏名(和/英) | / Khamphao SISAAT |
| 第 1 著者 所属(和/英) | The authors are with the Faculty of Engineering, King Mongkut's Institute of Technology Ladkrabang, Thailand. |
| 発表年月日 | 2013-07-19 |
| 資料番号 | ISEC2013-47,SITE2013-42,ICSS2013-52,EMM2013-49 |
| 巻番号(vol) | vol.113 |
| 号番号(no) | 137 |
| ページ範囲 | pp.- |
| ページ数 | 8 |
| 発行日 | |