DocumentCode :
3180957
Title :
A discovery of sequential attack patterns of malware in botnets
Author :
Rosyid, Nur Rohman ; Ohrui, Masayuki ; Kikuchi, Hiroaki ; Sooraksa, Pitikhate ; Terada, Masato
Author_Institution :
Sch. of Sci. & Technol., Tokai Univ., Hiratsuka, Japan
fYear :
2010
fDate :
10-13 Oct. 2010
Firstpage :
2564
Lastpage :
2570
Abstract :
More than 90 independent honeypots have observed malware traffic at the Japanese tier-1 backbone. Typical attacks were made by multiple servers, coordinating to send many kinds of malware. This paper aims to discover some frequent new sequential attack patterns of malware. It is not easy to identify particular patterns in logs of one year because the volume of the dataset is too large to investigate one by one. To overcome the problem, this paper proposes a data mining algorithm, the PrefixSpan method. We implement the PrefixSpan algorithm to analyze the malware footprints and show the experimental result. The result of the analysis shows that the attacks are performed by multiple sequential attack patterns within a short amount of time.
Keywords :
data mining; invasive software; software agents; Japanese tier-1 backbone; PrefixSpan algorithm; botnets; data mining algorithm; independent honeypots; malware footprints; malware traffic; sequential attack pattern; Decision support systems; Electronic mail; Botnets; Coordinated Attack; Malware; PrefixSpan; Sequential Pattern;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Systems Man and Cybernetics (SMC), 2010 IEEE International Conference on
Conference_Location :
Istanbul
ISSN :
1062-922X
Print_ISBN :
978-1-4244-6586-6
Type :
conf
DOI :
10.1109/ICSMC.2010.5641914
Filename :
5641914