The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
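Network monitoring systems that detect, analyze, and respond to malicious activity are becoming increasingly important. Because malware such as worms, viruses, and bots can inflict serious damage on both infrastructure and end users, technologies for identifying such malware are in high demand. Large-scale darknet monitoring shows that malware exhibits various kinds of scan patterns in how it chooses destination IP addresses. Since many of these oscillations appear to have a natural periodicity, as if they were signal waveforms, we considered applying a spectrum analysis methodology to extract malware features. Focusing on these scan patterns, this paper proposes a novel concept of malware feature extraction and a distinct analysis method named "SPectrum Analysis for Distinction and Extraction of malware features (SPADE)". Through several evaluations using real scan traffic, we show that SPADE has a significant advantage in recognizing the similarities and dissimilarities between malware of the same type and of different types.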
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Masashi ETO, Kotaro SONODA, Daisuke INOUE, Katsunari YOSHIOKA, Koji NAKAO, "Fine-Grain Feature Extraction from Malware's Scan Behavior Based on Spectrum Analysis" in IEICE TRANSACTIONS on Information,
vol. E93-D, no. 5, pp. 1106-1116, May 2010, doi: 10.1587/transinf.E93.D.1106.
Abstract: Network monitoring systems that detect and analyze malicious activities as well as respond against them, are becoming increasingly important. As malwares, such as worms, viruses, and bots, can inflict significant damages on both infrastructure and end user, technologies for identifying such propagating malwares are in great demand. In the large-scale darknet monitoring operation, we can see that malwares have various kinds of scan patterns that involves choosing destination IP addresses. Since many of those oscillations seemed to have a natural periodicity, as if they were signal waveforms, we considered to apply a spectrum analysis methodology so as to extract a feature of malware. With a focus on such scan patterns, this paper proposes a novel concept of malware feature extraction and a distinct analysis method named "SPectrum Analysis for Distinction and Extraction of malware features (SPADE)". Through several evaluations using real scan traffic, we show that SPADE has the significant advantage of recognizing the similarities and dissimilarities between the same and different types of malwares.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.E93.D.1106/_p
@ARTICLE{e93-d_5_1106,
author={Masashi ETO, Kotaro SONODA, Daisuke INOUE, Katsunari YOSHIOKA, Koji NAKAO, },
journal={IEICE TRANSACTIONS on Information},
title={Fine-Grain Feature Extraction from Malware's Scan Behavior Based on Spectrum Analysis},
year={2010},
volume={E93-D},
number={5},
pages={1106-1116},
abstract={Network monitoring systems that detect and analyze malicious activities as well as respond against them, are becoming increasingly important. As malwares, such as worms, viruses, and bots, can inflict significant damages on both infrastructure and end user, technologies for identifying such propagating malwares are in great demand. In the large-scale darknet monitoring operation, we can see that malwares have various kinds of scan patterns that involves choosing destination IP addresses. Since many of those oscillations seemed to have a natural periodicity, as if they were signal waveforms, we considered to apply a spectrum analysis methodology so as to extract a feature of malware. With a focus on such scan patterns, this paper proposes a novel concept of malware feature extraction and a distinct analysis method named "SPectrum Analysis for Distinction and Extraction of malware features (SPADE)". Through several evaluations using real scan traffic, we show that SPADE has the significant advantage of recognizing the similarities and dissimilarities between the same and different types of malwares.},
keywords={},
doi={10.1587/transinf.E93.D.1106},
ISSN={1745-1361},
month={May},}
TY - JOUR
TI - Fine-Grain Feature Extraction from Malware's Scan Behavior Based on Spectrum Analysis
T2 - IEICE TRANSACTIONS on Information
SP - 1106
EP - 1116
AU - Masashi ETO
AU - Kotaro SONODA
AU - Daisuke INOUE
AU - Katsunari YOSHIOKA
AU - Koji NAKAO
PY - 2010
DO - 10.1587/transinf.E93.D.1106
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E93-D
IS - 5
JA - IEICE TRANSACTIONS on Information
Y1 - May 2010
AB - Network monitoring systems that detect and analyze malicious activities as well as respond against them, are becoming increasingly important. As malwares, such as worms, viruses, and bots, can inflict significant damages on both infrastructure and end user, technologies for identifying such propagating malwares are in great demand. In the large-scale darknet monitoring operation, we can see that malwares have various kinds of scan patterns that involves choosing destination IP addresses. Since many of those oscillations seemed to have a natural periodicity, as if they were signal waveforms, we considered to apply a spectrum analysis methodology so as to extract a feature of malware. With a focus on such scan patterns, this paper proposes a novel concept of malware feature extraction and a distinct analysis method named "SPectrum Analysis for Distinction and Extraction of malware features (SPADE)". Through several evaluations using real scan traffic, we show that SPADE has the significant advantage of recognizing the similarities and dissimilarities between the same and different types of malwares.
ER -