Presentation 2014/5/15
Implementation of an Environment for Reproducing Targeted Attacks
Yu TSUDA, MASAKI KAMIZONO, TAKASHI TOMINE, SHINGO YASUDA, RYOSUKE MIURA, TOSHIYUKI MIYACHI, MASASHI ETO, DAISUKE INOUE, KOJI NAKAO,
PDF Download Page PDF download Page Link
Abstract(in Japanese) (See Japanese page)
Abstract(in English) Targeted attacks which aimed at a specific orgnization or company become an object of public concern. Targeted attacks have some attacking phases, for instance reconnaissance, installation exploitation and so on. According to some analyzing reports, attackers use various tools. Most of analyzing reports have results which include attacking tools and malwares individually. Therefore, relevances among the individual results are complemented of scenarios which analysts suppose, because analysts can not obtain attaking environments and harmful environments substantially. In this paper, we implement an environment for reproducing whole scenarios of targeted attacks in order to observing attackers' activities precisely. The environment has some attaking tools and a simulated C&C server as an attacker's zone. Also, we implement a victim's zone like a company's computing environment which is targeted from attackers. In addition, the environment has supporting zone which is used for reproducing attacking scenarios easily. At last, we produce a scenario of a targeted attack in this environment and discuss this environment with some logs such as Windows event logs, some server logs and network traffic data on the victim's zone.
Keyword(in Japanese) (See Japanese page)
Keyword(in English)
Paper # Vol.2014-CSEC-65 No.18,Vol.2014-IOT-25 No.18
Date of Issue

Conference Information
Committee ICM
Conference Date 2014/5/15(1days)
Place (in Japanese) (See Japanese page)
Place (in English)
Topics (in Japanese) (See Japanese page)
Topics (in English)
Chair
Vice Chair
Secretary
Assistant

Paper Information
Registration To Information and Communication Management(ICM)
Language JPN
Title (in Japanese) (See Japanese page)
Sub Title (in Japanese) (See Japanese page)
Title (in English) Implementation of an Environment for Reproducing Targeted Attacks
Sub Title (in English)
Keyword(1)
1st Author's Name Yu TSUDA
1st Author's Affiliation Cybersecurity Research Center, National Institute. of Information and Communications Technology()
2nd Author's Name MASAKI KAMIZONO
2nd Author's Affiliation Cybersecurity Research Center, National Institute. of Information and Communications Technology:Advanced Research Laboratory, SecureBrain Corporation
3rd Author's Name TAKASHI TOMINE
3rd Author's Affiliation Cybersecurity Research Center, National Institute. of Information and Communications Technology
4th Author's Name SHINGO YASUDA
4th Author's Affiliation Cybersecurity Research Center, National Institute. of Information and Communications Technology
5th Author's Name RYOSUKE MIURA
5th Author's Affiliation Cybersecurity Research Center, National Institute. of Information and Communications Technology
6th Author's Name TOSHIYUKI MIYACHI
6th Author's Affiliation Cybersecurity Research Center, National Institute. of Information and Communications Technology
7th Author's Name MASASHI ETO
7th Author's Affiliation Cybersecurity Research Center, National Institute. of Information and Communications Technology
8th Author's Name DAISUKE INOUE
8th Author's Affiliation Cybersecurity Research Center, National Institute. of Information and Communications Technology
9th Author's Name KOJI NAKAO
9th Author's Affiliation Cybersecurity Research Center, National Institute. of Information and Communications Technology
Date 2014/5/15
Paper # Vol.2014-CSEC-65 No.18,Vol.2014-IOT-25 No.18
Volume (vol) vol.114
Number (no) 43
Page pp.pp.-
#Pages 6
Date of Issue