Title :
Geographical Visualization of Malware Download for Anomaly Detection
Author :
Hiroguchi, Naoki ; Kikuchi, Hiroaki ; Sisaat, Khamphao ; Kittitornkun, Surin
Author_Institution :
Grad. Sch. of Eng., Tokai Univ., Hiratsuka, Japan
Abstract :
We study the linkage between attacks in cyberspace and incidents in the real world. For example, the Internet was shut down in Egypt to prevent protests against President Hosni Mubarak. Meanwhile, for more than two weeks, we observed that no port-scan packets were sent from Egypt to Japan. This motivates us to look for links between botnet attacks, which involve many vulnerable servers, and real events occurring in the world. For this purpose, we developed a visualization system on the Google Earth service for plotting the source IP addresses of botnet communications. We investigated actual malware download events observed by more than 70 distributed honeypots in the Japanese backbone network. To automate the detection process, we study some anomaly detection schemes based on the entropy of honeypot activities. Our analysis shows some evidence that botnet attacks are connected to events in the real world.
Keywords :
IP networks; Internet; data visualisation; geographic information systems; invasive software; Google Earth service; IP address; anomaly detection; botnet attacks; botnet communications; cyberspace; geographical visualization; malware download; Cities and towns; Earth; Educational institutions; Google; Malware; Servers; Botnet
Conference_Title :
Information Security (Asia JCIS), 2012 Seventh Asia Joint Conference on
Conference_Location :
Tokyo
Print_ISBN :
978-1-4673-2261-4
Electronic_ISBN :
978-0-7695-4776-3
DOI :
10.1109/AsiaJCIS.2012.20