Presentation | 2015-03-04 Prediction of Malware Activities based on Loopback Address from DNS Masaki KAMIZONO, Takashi TOMINE, Yu TSUDA, Masashi ETO, Yuji HOSHIZAWA, Daisuke INOUE, Katsunari YOSHIOKA, Tsutomu MATSUMOTO |
---|---|
PDF Download Page | PDF download Page Link |
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | During malware dynamic analysis, the analysis system often finds the loopback address in DNS name resolution responses. These responses are the result of a countermeasure by service providers, who mitigate malicious activities by disabling resolution of malicious host names. Meanwhile, recent attackers control malware by using the loopback address to deactivate it and actual IP addresses to reactivate it. This research proposes a system to observe DNS responses containing the loopback address and analyses the observed responses. Additionally, by focusing on a change of the loopback address in a DNS response, this research verifies the efficiency of dynamic analysis by comparing analysis results before and after the change of the DNS response. Based on the verification, this paper considers a method that derives emerging malicious sites and FQDNs. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | Malware / Malware Dynamic Analysis / DNS / Loopback Address |
Paper # | ICSS2014-80 |
Date of Issue |
Conference Information | |
Committee | ICSS |
---|---|
Conference Date | 2015/2/24 (1 day) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | |
Chair | |
Vice Chair | |
Secretary | |
Assistant |
Paper Information | |
Registration To | Information and Communication System Security (ICSS) |
---|---|
Language | JPN |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | Prediction of Malware Activities based on Loopback Address from DNS |
Sub Title (in English) | |
Keyword(1) | Malware |
Keyword(2) | Malware Dynamic Analysis |
Keyword(3) | DNS |
Keyword(4) | Loopback Address |
1st Author's Name | Masaki KAMIZONO |
1st Author's Affiliation | National Institute of Information and Communications Technology:Securebrain Corporation:Yokohama National University |
2nd Author's Name | Takashi TOMINE |
2nd Author's Affiliation | National Institute of Information and Communications Technology |
3rd Author's Name | Yu TSUDA |
3rd Author's Affiliation | National Institute of Information and Communications Technology |
4th Author's Name | Masashi ETO |
4th Author's Affiliation | National Institute of Information and Communications Technology |
5th Author's Name | Yuji HOSHIZAWA |
5th Author's Affiliation | Securebrain Corporation:Yokohama National University |
6th Author's Name | Daisuke INOUE |
6th Author's Affiliation | National Institute of Information and Communications Technology |
7th Author's Name | Katsunari YOSHIOKA |
7th Author's Affiliation | Yokohama National University |
8th Author's Name | Tsutomu MATSUMOTO |
8th Author's Affiliation | Yokohama National University |
Date | 2015-03-04 |
Paper # | ICSS2014-80 |
Volume (vol) | vol.114 |
Number (no) | 489 |
Page | pp.pp.- |
#Pages | 6 |
Date of Issue |