Nicter: A large-scale network incident analysis system: Case studies for understanding threat landscape

Proceedings of the 1st Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2011

Volumn , Issue , 2011, Pages 37-45

  Eto, Masashi ^a   Inoue, Daisuke ^a   Song, Jungsuk ^a   Nakazato, Junji ^a   Ohtaka, Kazuhiro ^a   Nakao, Koji ^a  

^a NATIONAL INSTITUTE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY   (Japan)

Author keywords

Correlation analysis; Malware analysis; Network monitoring

Indexed keywords

ANALYSIS RESULTS; CORRELATION ANALYSIS; DARKNET; EMERGENCY RESPONSE; EXECUTABLES; GLOBAL TRENDS; IP ADDRESSS; LARGE-SCALE NETWORK; LONG-TERM OPERATION; MALWARE ANALYSIS; MALWARES; NETWORK INCIDENTS; NETWORK MONITORING; NETWORK THREATS; ROOT CAUSE;

INTERNET PROTOCOLS;

COMPUTER CRIME;

EID: 79958707632     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1978672.1978677     Document Type: Conference Paper

References (20)

1. K. Nakao, K. Yoshioka, D. Inoue, M. Eto, and K. Rikitake. nicter: An Incident Analysis System using Correlation between Network Monitoring and Malware Analysis. In The 1st Joint Workshop on Information Security (JWIS06), pages 363-377, 2006.
2. K. Nakao, K. Yoshioka, D. Inoue, and M. Eto. A Novel Concept of Network Incident Analysis based on Multi-layer Observations of Malware Activities. In The 2nd Joint Workshop on Information Security (JWIS07), pages 267-279, 2007.
3. D. Inoue, M. Eto, K. Yoshioka, S. Baba, K. Suzuki, J. Nakazato, K. Ohtaka, and K. Nakao. nicter: An Incident Analysis System Toward Binding Network Monitoring with Malware Analysis. In WOMBAT Workshop on Information Security Threats Data Collection and Sharing, pages 58-66, 2008.
4. M. Bailey, E. Cooke, F. Jahanian, J. Nazario, and D. Watson. The Internet Motion Sensor: A distributed blackhole monitoring system. In Proceedings of the 12th ISOC Symposium on Network and Distributed Systems Security (NDSS), pages 167-179. Citeseer, 2005.
5. SANS Internet Storm Center. http://isc.sans.org/.
6. F. Pouget, M. Dacier, and V.H. Pham. Leurre.com: On the Advantages of Deploying a Large Scale Distributed Honeypot Platform. In E-Crime and Computer Conference (ECCE'05), 2005.
7. D. Moore, C. Shannon, G.M. Voelker, and S. Savage. Network telescopes: Technical report. CAIDA, April, 2004.
8. M. Bailey, E. Cooke, F. Jahanian, A. Myrick, and S. Sinha. Practical darknet measurement. In Information Sciences and Systems, 2006 40th Annual Conference on, pages 1496-1501. IEEE, 2007. (Pubitemid 351710247)
9. N. Provos. Honeyd-a virtual honeypot daemon. In 10th DFNCERT Workshop, Hamburg, Germany, 2003.
10. C. Leita, M. Dacier, and F. Massicotte. Automatic handling of protocol dependencies and reaction to 0-day attacks with ScriptGen based honeypots. In Recent Advances in Intrusion Detection, pages 185-205. Springer, 2006. (Pubitemid 44617853)
11. N. Provos. A virtual honeypot framework. In Proceedings of the 13th conference on USENIX Security Symposium-Volume 13, page 1. USENIX Association, 2004.
12. E. Alata, V. Nicomette, M. Kâaniche, M. Dacier, and M. Herrb. Lessons learned from the deployment of a high-interaction honeypot. In Dependable Computing Conference, 2006. EDCC'06. Sixth European, pages 39-46. IEEE, 2006.
13. R. Isawa, S. Ichikawa, Y. Shiraishi, M. Mori, and M. Morii. A Virus Analysis Supporting System-For automatic grasping virus behavior by code-analysis result. Joho Shori Gakkai Shinpojiumu Ronbunshu, 1(13):169-174, 2005.
14. D. Inoue, M. Eto, K. Yoshioka, Y. Hoshizawa, Isawa R., M. Morii, and K. Nakao. Micro analysis system for analyzing malware code and its behavior on nicter. In Symposium on Cryptography and Information Security (SCIS) 2007. IEICE, Jan 2007.
15. C. Willems, T. Holz, and F. Freiling. Toward automated dynamic malware analysis using cwsandbox. IEEE Security & Privacy, pages 32-39, 2007. (Pubitemid 46527386)
16. N. Solutions. Norman sandbox whitepaperhttp://download.norman.no/ whitepapers/whitepaperNormanSandBox.pdf, 2003.
17. K. Nakao, D. Inoue, M. Eto, and K. Yoshioka. Practical Correlation Analysis between Scan and Malware Profiles against Zero-Day Attacks Based on Darknet Monitoring. IEICE TRANSACTIONS on Information and Systems, 92(5):787- 798, 2009.
18. Microsoft Corporation. http://www.microsoft.com/technet/security/ Bulletin/MS08-067.mspx.
19. E Chien. Downadup: Attempts at Smart Network Scanning. http://www.symantec.com/connect/blogs/downadupattempts-smart-network-scanning, 2009.
20. E. Cooke, Z.M. Mao, and F. Jahanian. Hotspots: The root causes of non-uniformity in self-propagating malware. In Dependable Systems and Networks, 2006. DSN 2006. International Conference on, pages 179-188. IEEE, 2006. (Pubitemid 44930419)