Presentation | 2014/5/15 Implementation of an Environment for Reproducing Targeted Attacks Yu TSUDA, MASAKI KAMIZONO, TAKASHI TOMINE, SHINGO YASUDA, RYOSUKE MIURA, TOSHIYUKI MIYACHI, MASASHI ETO, DAISUKE INOUE, KOJI NAKAO, |
---|---|
PDF Download Page | PDF download Page Link |
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | Targeted attacks which aimed at a specific orgnization or company become an object of public concern. Targeted attacks have some attacking phases, for instance reconnaissance, installation exploitation and so on. According to some analyzing reports, attackers use various tools. Most of analyzing reports have results which include attacking tools and malwares individually. Therefore, relevances among the individual results are complemented of scenarios which analysts suppose, because analysts can not obtain attaking environments and harmful environments substantially. In this paper, we implement an environment for reproducing whole scenarios of targeted attacks in order to observing attackers' activities precisely. The environment has some attaking tools and a simulated C&C server as an attacker's zone. Also, we implement a victim's zone like a company's computing environment which is targeted from attackers. In addition, the environment has supporting zone which is used for reproducing attacking scenarios easily. At last, we produce a scenario of a targeted attack in this environment and discuss this environment with some logs such as Windows event logs, some server logs and network traffic data on the victim's zone. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | |
Paper # | Vol.2014-CSEC-65 No.18,Vol.2014-IOT-25 No.18 |
Date of Issue |
Conference Information | |
Committee | ICM |
---|---|
Conference Date | 2014/5/15(1days) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | |
Chair | |
Vice Chair | |
Secretary | |
Assistant |
Paper Information | |
Registration To | Information and Communication Management(ICM) |
---|---|
Language | JPN |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | Implementation of an Environment for Reproducing Targeted Attacks |
Sub Title (in English) | |
Keyword(1) | |
1st Author's Name | Yu TSUDA |
1st Author's Affiliation | Cybersecurity Research Center, National Institute. of Information and Communications Technology() |
2nd Author's Name | MASAKI KAMIZONO |
2nd Author's Affiliation | Cybersecurity Research Center, National Institute. of Information and Communications Technology:Advanced Research Laboratory, SecureBrain Corporation |
3rd Author's Name | TAKASHI TOMINE |
3rd Author's Affiliation | Cybersecurity Research Center, National Institute. of Information and Communications Technology |
4th Author's Name | SHINGO YASUDA |
4th Author's Affiliation | Cybersecurity Research Center, National Institute. of Information and Communications Technology |
5th Author's Name | RYOSUKE MIURA |
5th Author's Affiliation | Cybersecurity Research Center, National Institute. of Information and Communications Technology |
6th Author's Name | TOSHIYUKI MIYACHI |
6th Author's Affiliation | Cybersecurity Research Center, National Institute. of Information and Communications Technology |
7th Author's Name | MASASHI ETO |
7th Author's Affiliation | Cybersecurity Research Center, National Institute. of Information and Communications Technology |
8th Author's Name | DAISUKE INOUE |
8th Author's Affiliation | Cybersecurity Research Center, National Institute. of Information and Communications Technology |
9th Author's Name | KOJI NAKAO |
9th Author's Affiliation | Cybersecurity Research Center, National Institute. of Information and Communications Technology |
Date | 2014/5/15 |
Paper # | Vol.2014-CSEC-65 No.18,Vol.2014-IOT-25 No.18 |
Volume (vol) | vol.114 |
Number (no) | 43 |
Page | pp.pp.- |
#Pages | 6 |
Date of Issue |