Presentation | 2014/6/26 A detection method of malware infections based on "graylists" Tomo KAKUTA, TOMOYA OHTORI, YASUHIRO FUJII, NOBUHIKO TANIGUCHI, TAKEYASU KISHIRO |
---|---|
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | As the network population has been increasing in recent years, cyber-attack techniques, which are criminal offenses on the network, have become more refined, and preventing them, for example malware infection, is becoming more difficult. In order to minimize the damage, various methods of detecting malware at the earliest opportunity have been developed. However, those methods are based on blacklists of malicious Web sites (C&C servers) and therefore have difficulty following the frequent changes of C&C servers. In order to overcome this difficulty, we propose a new method of automatically generating blacklists and whitelists as follows: first, calculating malignancies by analyzing access logs of the network. Second, based on the malignancies, assigning destination URLs to blacklists, whitelists and "graylists", which are not included in either list. After that, performing additional authentication that a program such as malware cannot pass but a human can, and assigning the graylists to the blacklists or whitelists based on the outcome of the authentication. This method is expected to improve the detection capability for malware infection compared with conventional methods that depend only on blacklists. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | |
Paper # | |
Date of Issue |
Conference Information | |
Committee | ISEC |
---|---|
Conference Date | 2014/6/26 (1 day) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | |
Chair | |
Vice Chair | |
Secretary | |
Assistant |
Paper Information | |
Registration To | Information Security (ISEC) |
---|---|
Language | JPN |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | A detection method of malware infections based on "graylists" |
Sub Title (in English) | |
Keyword(1) | |
1st Author's Name | Tomo KAKUTA |
1st Author's Affiliation | Hitachi Systems, Ltd. Research & Development Division |
2nd Author's Name | TOMOYA OHTORI |
2nd Author's Affiliation | Hitachi Systems, Ltd. Cloud ICT Service Business Group |
3rd Author's Name | YASUHIRO FUJII |
3rd Author's Affiliation | Hitachi Systems, Ltd. Research & Development Division |
4th Author's Name | NOBUHIKO TANIGUCHI |
4th Author's Affiliation | Hitachi Systems, Ltd. Cloud ICT Service Business Group |
5th Author's Name | TAKEYASU KISHIRO |
5th Author's Affiliation | Hitachi Systems, Ltd. Cloud ICT Service Business Group |
Date | 2014/6/26 |
Paper # | |
Volume (vol) | vol.114 |
Number (no) | 115 |
Page | pp.pp.- |
#Pages | 7 |
Date of Issue |