Malware behavior analysis in isolated miniature network for revealing Malware's network activity

IEEE International Conference on Communications

Volumn , Issue , 2008, Pages 1715-1721

  Inoue, Daisuke ^a   Yoshioka, Katsunari ^a   Eto, Masashi ^a   Hoshizawa, Yuji ^b   Nakao, Koji ^a  

^a NATIONAL INSTITUTE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY   (Japan)

^b SecureBrain Corporation   (Japan)

Author keywords

Behavior analysis; Malware; Miniature network

Indexed keywords

COMPUTER NETWORKS; COMPUTER WORMS; CRACK PROPAGATION; INTERNET; METALLOGRAPHY; REAL TIME SYSTEMS;

BEHAVIOR ANALYSIS; MALWARE; MINIATURE NETWORK;

COMPUTER VIRUSES;

EID: 51249117305     PISSN: 05361486     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICC.2008.330     Document Type: Conference Paper

References (22)

1. M. Bailey, E. Cooke, F. Jahanian, J. Nazario, and D. Watson, "The Internet Motion Sensor: A Distributed Blackhole Monitoring System," The 12th Annual Network and Distributed System Security Symposium (NDSS05), 2005.
2. D. Moore, "Network Telescopes: Tracking Denial-of-Service Attacks and Internet Worms around the Globe," 17th Large Installation Systems Administration Conference (LISA '03), 2003.
3. SANS Internet Storm Center, http://isc.sans.org/.
4. F. Pouget, M. Dacier, and V.H.Pham, "Leurre.com: On the Advantages of Deploying a Large Scale Distributed Honeypot Platform," E-Crime and Computer Conference (ECCE'05), 2005.
5. REN-ISAC: Research and Education Networking Information Sharing and Analysis Center, http://www.ren-isac.net/.
6. Korea Internet Security Center (KISC), http://www.krcert.net/english/ main.htm.
7. JPCERT/CC Internet Scan Data Acquisition System (ISDAS), http://www.jpcert.or.jp/isdas/.
8. @police, http://www.cyberpolice.go.jp/detect/observation.html.
9. WCLSCAN, http://www.wclscan.org/.
10. IT Security Center, Information-Technology Promotion Agency, Japan, http://www.ipa.go.jp/security/.
11. Telecom-ISAC Japan, https://www.telecom-isac.jp/.
12. K. Nakao, K. Yoshioka, D. Inoue, M. Eto, and K. Rikitake, "nicter: An Incident Analysis System using Correlation between Network Monitoring and Malware Analysis," The 1st Joint Workshop on Information Security (JWIS06), pp. 363-377, 2006.
13. K. Nakao, K. Yoshioka, D. Inoue, and M. Eto, "A Novel Concept of Network Incident Analysis based on Multi-layer Observations of Malware Activities," The 2nd Joint Workshop on Information Security (JWIS07), pp. 267-279, 2007.
14. C. Willems, T. Holz, and F. Freiling, "Toward Automated Dynamic Malware Analysis Using CWSandbox," Security & Privacy Magazine, IEEE, Volume 5, Issue 2, pp. 32-39, 2007. http://www.cwsandbox.org/.
15. Anubis, http://analysis.seclab.tuwien.ac.at/.
16. U. Bayer, C. Kruegel, and E. Kirda, "TTAnalyze: A Tool for Analyzing Malware," 15th Annual Conference of the European Institute for Computer Antivirus Research (EICAR), 2006.
17. F. Bellard, "QEMU, a Fast and Portable Dynamic Translator," 2005 USENIX Annual Technical Conference, FREENIX Track, pp 41-46, 2005.
18. NORMAN Sandbox Information Center, http://www.norman.com/microsites/nsic/ .
19. C. Seifert, R. Steenson, I. Welch, P. Komisarczuk, and B. Endicott-Popovsky, "Capture - A Behavioral Analysis Tool for Applications and Documents," 7th Annual Digital Forensic Research Workshop (DFRWS), 2007.
20. Joebox, http://www.joebox.org/.
21. Holy Father, "Hooking Windows API - Technics of Hooking API Functions on Windows," CodeBreakers Journal, Vol. 1, No. 2, 2004.
22. P. Baecher, M. Koetter, T. Holz, M. Dornseif, and F. C. Freiling, "The Nepenthes Platform: An Efficient Approach to Collect Malware," 9th International Symposium on Recent Advances in Intrusion Detection (RAID 2006), pp. 165-184, 2006.