Practical Correlation Analysis between Scan and Malware Profiles against Zero-Day Attacks Based on Darknet Monitoring


Full description

Bibliographic details
Published in: IEICE Transactions on Information and Systems 2009/05/01, Vol.E92.D(5), pp.787-798
Main authors: NAKAO, Koji, INOUE, Daisuke, ETO, Masashi, YOSHIOKA, Katsunari
Format: Article
Language: eng
Keywords:
Online access: Full text
container_end_page 798
container_issue 5
container_start_page 787
container_title IEICE Transactions on Information and Systems
container_volume E92.D
creator NAKAO, Koji
INOUE, Daisuke
ETO, Masashi
YOSHIOKA, Katsunari
description Given the rapid increase in highly organized and sophisticated malware, practical countermeasures against malware, especially malware used in zero-day attacks, must be developed urgently. Several research activities have already been carried out on the statistical analysis of network events collected by globally deployed network sensors (the so-called macroscopic approach), as well as on direct malware analysis such as code analysis (the so-called microscopic approach). However, current research does not make clear how network behaviors obtained by the macroscopic approach can be correlated with malware behaviors obtained by the microscopic approach. In this paper, on one side, network behaviors observed on a darknet are analyzed to produce scan profiles; on the other side, malware behaviors obtained from honeypots are analyzed to produce a set of profiles describing malware characteristics. The inter-relationship between these two types of profiles is then studied in practice so that frequently observed malware behaviors can be identified in terms of a scan-malware chain.
doi_str_mv 10.1587/transinf.E92.D.787
format Article
fulltext fulltext
identifier ISSN: 0916-8532
ispartof IEICE Transactions on Information and Systems, 2009/05/01, Vol.E92.D(5), pp.787-798
issn 0916-8532; 1745-1361
language eng
recordid cdi_proquest_miscellaneous_889410183
source J-STAGE Free; Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals
subjects Chains
Correlation analysis
Countermeasures
darknet malware analysis
Focusing
Mathematical analysis
Monitoring
network monitoring
Networks
sandbox
Statistics
title Practical Correlation Analysis between Scan and Malware Profiles against Zero-Day Attacks Based on Darknet Monitoring
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-13T17%3A26%3A46IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Practical%20Correlation%20Analysis%20between%20Scan%20and%20Malware%20Profiles%20against%20Zero-Day%20Attacks%20Based%20on%20Darknet%20Monitoring&rft.jtitle=IEICE%20Transactions%20on%20Information%20and%20Systems&rft.au=NAKAO,%20Koji&rft.date=2009&rft.volume=E92.D&rft.issue=5&rft.spage=787&rft.epage=798&rft.pages=787-798&rft.issn=0916-8532&rft.eissn=1745-1361&rft_id=info:doi/10.1587/transinf.E92.D.787&rft_dat=%3Cproquest_cross%3E889410183%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=889410183&rft_id=info:pmid/&rfr_iscdi=true