Scalable Command and Control Detection in Log Data through UF-ICF Analysis

Cited by: 0
Authors
Hong, Kai-Fong [1]
Chen, Chien-Chih [1]
Chiu, Yu-Ting [1]
Chou, Kuo-Sen [1]
Affiliations
[1] Chunghwa Telecom Labs, I&C Secur Lab, Chungli 32601, Taiwan
Source
49TH ANNUAL IEEE INTERNATIONAL CARNAHAN CONFERENCE ON SECURITY TECHNOLOGY (ICCST) | 2015
Keywords
Botnet; Command and Control (C&C); networking logs;
DOI
Not available
CLC number
TP301 [Theory, Methods];
Discipline code
081202 ;
Abstract
During an advanced persistent threat (APT), an attacker group usually establishes more than one C&C server, and these C&C servers change their domain names and corresponding IP addresses over time to remain unseen by anti-virus software or intrusion prevention systems. For this reason, discovering and catching C&C sites has become a major challenge in information security. Based on our observations and deductions, a piece of malware tends to contain a fixed user agent string, and the connection behaviors generated by malware differ from those generated by a benign service or a normal user. This paper proposes a new method combining filtering and clustering to detect C&C servers with a relatively higher coverage rate. The experiments revealed that the proposed method can successfully detect C&C servers and can provide an important clue for detecting APTs.
Pages: 293 / 298
Page count: 6