The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations, e.g. some numerals are expressed as "XNUMX".
Copyright notice
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Masashi ETO, Kotaro SONODA, Daisuke INOUE, Katsunari YOSHIOKA, Koji NAKAO, "Fine-Grain Feature Extraction from Malware's Scan Behavior Based on Spectrum Analysis" in IEICE TRANSACTIONS on Information,
vol. E93-D, no. 5, pp. 1106-1116, May 2010, doi: 10.1587/transinf.E93.D.1106.
Abstract: Network monitoring systems that detect and analyze malicious activities, as well as respond to them, are becoming increasingly important. As malware such as worms, viruses, and bots can inflict significant damage on both infrastructure and end users, technologies for identifying such propagating malware are in great demand. In large-scale darknet monitoring operations, we can see that malware exhibits various kinds of scan patterns in how it chooses destination IP addresses. Since many of those oscillations seemed to have a natural periodicity, as if they were signal waveforms, we considered applying a spectrum analysis methodology to extract a feature of the malware. With a focus on such scan patterns, this paper proposes a novel concept of malware feature extraction and a distinct analysis method named "SPectrum Analysis for Distinction and Extraction of malware features (SPADE)". Through several evaluations using real scan traffic, we show that SPADE has the significant advantage of recognizing the similarities and dissimilarities between the same and different types of malware.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.E93.D.1106/_p
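As an added illustration of the idea in the abstract (this is not code from the paper or its authors): treat the last octet of a scanner's destination addresses, in packet order, as a signal, take its magnitude spectrum, and compare sources by the shape of that spectrum. The choice of signal, the three constructed scan sequences and every function name below are assumptions made here; the page does not give SPADE's actual feature definition.

```python
"""Spectrum analysis of a scanner's destination-address sequence.

Added illustration, not the SPADE paper's own code. The paper observes that
the destination IP addresses chosen by scanning malware oscillate with a
natural periodicity and applies spectrum analysis to extract a feature. This
toy version uses the last octet of each destination address, in packet order,
as the signal (an assumption; the abstract does not define the signal),
computes a discrete Fourier transform with the standard library only, and
compares two sources by the cosine similarity of their magnitude spectra.
All traffic below is constructed, using RFC 5737 documentation prefixes.
"""
import cmath
import math
from typing import List, Sequence


def dest_octet_signal(dst_ips: Sequence[str]) -> List[float]:
    """Turn a destination-address sequence into a zero-mean signal (last octet)."""
    vals = [float(ip.split(".")[-1]) for ip in dst_ips]
    mean = sum(vals) / len(vals)
    return [v - mean for v in vals]


def magnitude_spectrum(signal: Sequence[float]) -> List[float]:
    """Naive O(N^2) DFT; returns |X[k]| for k = 1..N//2 (DC term dropped)."""
    n = len(signal)
    spectrum = []
    for k in range(1, n // 2 + 1):
        acc = sum(x * cmath.exp(-2j * math.pi * k * t / n)
                  for t, x in enumerate(signal))
        spectrum.append(abs(acc))
    return spectrum


def dominant_period(dst_ips: Sequence[str]) -> float:
    """Period (in packets) of the strongest spectral line of a source."""
    signal = dest_octet_signal(dst_ips)
    spectrum = magnitude_spectrum(signal)
    k = spectrum.index(max(spectrum)) + 1   # spectrum[0] corresponds to k = 1
    return len(signal) / k


def spectral_similarity(ips_a: Sequence[str], ips_b: Sequence[str]) -> float:
    """Cosine similarity of two magnitude spectra (1.0 = same oscillation shape).

    Magnitudes ignore phase, so two sources running the same sweep logic from
    different starting points, or against different prefixes, still match.
    """
    sa = magnitude_spectrum(dest_octet_signal(ips_a))
    sb = magnitude_spectrum(dest_octet_signal(ips_b))
    dot = sum(x * y for x, y in zip(sa, sb))
    na = math.sqrt(sum(x * x for x in sa))
    nb = math.sqrt(sum(x * x for x in sb))
    return dot / (na * nb) if na and nb else 0.0


# Constructed darknet observations, 64 packets per source.
# Source A sweeps .1 .. .16 of one /24 over and over (period 16).
SCAN_A = [f"192.0.2.{(t % 16) + 1}" for t in range(64)]
# Source B runs the same sweep against another /24, starting at a different phase.
SCAN_B = [f"198.51.100.{((t + 5) % 16) + 1}" for t in range(64)]
# Source C bounces up and down through the address range with period 8.
_C_OCTETS = [5, 60, 120, 180, 240, 180, 120, 60]
SCAN_C = [f"203.0.113.{_C_OCTETS[t % 8]}" for t in range(64)]


if __name__ == "__main__":
    for name, ips in (("A", SCAN_A), ("B", SCAN_B), ("C", SCAN_C)):
        print(f"source {name}: dominant period = {dominant_period(ips):.1f} packets")
    print(f"sim(A, B) = {spectral_similarity(SCAN_A, SCAN_B):.3f}  (same scan logic)")
    print(f"sim(A, C) = {spectral_similarity(SCAN_A, SCAN_C):.3f}  (different scan logic)")
```

Sources A and B share a spectrum even though they hit different prefixes from different starting points, while source C, whose address choice oscillates with a different period and shape, scores well below them. On real sensor data one would use an FFT and a window that matches the packet rate, but the feature extracted is the same: the shape of the oscillation in the target-selection sequence rather than the targets themselves.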
@ARTICLE{e93-d_5_1106,
author={Masashi ETO and Kotaro SONODA and Daisuke INOUE and Katsunari YOSHIOKA and Koji NAKAO},
journal={IEICE TRANSACTIONS on Information},
title={Fine-Grain Feature Extraction from Malware's Scan Behavior Based on Spectrum Analysis},
year={2010},
volume={E93-D},
number={5},
pages={1106-1116},
abstract={Network monitoring systems that detect and analyze malicious activities, as well as respond to them, are becoming increasingly important. As malware such as worms, viruses, and bots can inflict significant damage on both infrastructure and end users, technologies for identifying such propagating malware are in great demand. In large-scale darknet monitoring operations, we can see that malware exhibits various kinds of scan patterns in how it chooses destination IP addresses. Since many of those oscillations seemed to have a natural periodicity, as if they were signal waveforms, we considered applying a spectrum analysis methodology to extract a feature of the malware. With a focus on such scan patterns, this paper proposes a novel concept of malware feature extraction and a distinct analysis method named "SPectrum Analysis for Distinction and Extraction of malware features (SPADE)". Through several evaluations using real scan traffic, we show that SPADE has the significant advantage of recognizing the similarities and dissimilarities between the same and different types of malware.},
keywords={},
doi={10.1587/transinf.E93.D.1106},
ISSN={1745-1361},
month={May},}
TY - JOUR
TI - Fine-Grain Feature Extraction from Malware's Scan Behavior Based on Spectrum Analysis
T2 - IEICE TRANSACTIONS on Information
SP - 1106
EP - 1116
AU - Masashi ETO
AU - Kotaro SONODA
AU - Daisuke INOUE
AU - Katsunari YOSHIOKA
AU - Koji NAKAO
PY - 2010
DO - 10.1587/transinf.E93.D.1106
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E93-D
IS - 5
JA - IEICE TRANSACTIONS on Information
Y1 - May 2010
AB - Network monitoring systems that detect and analyze malicious activities, as well as respond to them, are becoming increasingly important. As malware such as worms, viruses, and bots can inflict significant damage on both infrastructure and end users, technologies for identifying such propagating malware are in great demand. In large-scale darknet monitoring operations, we can see that malware exhibits various kinds of scan patterns in how it chooses destination IP addresses. Since many of those oscillations seemed to have a natural periodicity, as if they were signal waveforms, we considered applying a spectrum analysis methodology to extract a feature of the malware. With a focus on such scan patterns, this paper proposes a novel concept of malware feature extraction and a distinct analysis method named "SPectrum Analysis for Distinction and Extraction of malware features (SPADE)". Through several evaluations using real scan traffic, we show that SPADE has the significant advantage of recognizing the similarities and dissimilarities between the same and different types of malware.
ER -