| Presentation | 2014-07-04 A Case Study on Light-weight URL Blacklist Generation based on Sandbox Analysis Mitsuhiro HATADA, Takanori INAZUMI, Jun ARIKAWA, Yasuyuki TANAKA, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | In order to detect the malware infection in internal network, we focus on HTTP traffic to the Internet. URL blacklist is on of the effective countermeasures to detect the malware traffic such as C&C communication, malware downloading and so on. Sandbox analysis is useful to understand the malware behaviors not only files and registries activities but also network activities containing HTTP communications. In this paper, we present a novel approach of URL blacklist generation based on correlation rules whether the malware read the system information or user credentials or not. In addition, by using our proposal approach, we observed malware download by malware and showed the result of generation of the malware downloading URL blacklist as a case study. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Malware / Sandbox Analysis / Extrusion Detection / URL Blacklist |
| Paper # | ISEC2014-44,SITE2014-39,ICSS2014-48,EMM2014-44 |
| Date of Issue |
| Conference Information | |
| Committee | ICSS |
|---|---|
| Conference Date | 2014/6/26(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Information and Communication System Security (ICSS) |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | A Case Study on Light-weight URL Blacklist Generation based on Sandbox Analysis |
| Sub Title (in English) | |
| Keyword(1) | Malware |
| Keyword(2) | Sandbox Analysis |
| Keyword(3) | Extrusion Detection |
| Keyword(4) | URL Blacklist |
| 1st Author's Name | Mitsuhiro HATADA |
| 1st Author's Affiliation | NTT Communications Corporation() |
| 2nd Author's Name | Takanori INAZUMI |
| 2nd Author's Affiliation | NTT Communications Corporation |
| 3rd Author's Name | Jun ARIKAWA |
| 3rd Author's Affiliation | NTT Communications Corporation |
| 4th Author's Name | Yasuyuki TANAKA |
| 4th Author's Affiliation | NTT Communications Corporation |
| Date | 2014-07-04 |
| Paper # | ISEC2014-44,SITE2014-39,ICSS2014-48,EMM2014-44 |
| Volume (vol) | vol.114 |
| Number (no) | 117 |
| Page | pp.pp.- |
| #Pages | 6 |
| Date of Issue | |