"Development of a Detection and Responding System for Malware Communications by Using OpenFlow and Its Evaluation"
Title | "Development of a Detection and Responding System for Malware Communications by Using OpenFlow and Its Evaluation" |
Publication Type | Conference Paper |
Year of Publication | 2015 |
Authors | N. Nakagawa, Y. Teshigawara, R. Sasaki |
Conference Name | 2015 Fourth International Conference on Cyber Security, Cyber Warfare, and Digital Forensic (CyberSec) |
Date Published | Oct |
Publisher | IEEE |
ISBN Number | 978-1-4673-8499-5 |
Accession Number | 16091600 |
Keywords | advanced persistent threat attacks, APT attacks, attacking infrastructure building phase, computer network security, computer security, Databases, digital forensics, Dynamic Responding, entry control measures, initial compromise phase, intrusion detection system, invasive software, IP networks, Malware, malware communication, malware detection system, malware responding system, mission execution phase, Network security, OpenFlow, OpenFlow technology, path control, penetration and exploration phase, Ports (Computers), Protocols, pubcrawl170101, virtual networks |
Abstract | Advanced Persistent Threat (APT) attacks, which have become prevalent in recent years, are classified into four phases. These are initial compromise phase, attacking infrastructure building phase, penetration and exploration phase, and mission execution phase. The malware on infected terminals attempts various communications on and after the attacking infrastructure building phase. In this research, using OpenFlow technology for virtual networks, we developed a system of identifying infected terminals by detecting communication events of malware communications in APT attacks. In addition, we prevent information fraud by using OpenFlow, which works as real-time path control. To evaluate our system, we executed malware infection experiments with a simulation tool for APT attacks and malware samples. In these experiments, an existing network using only entry control measures was prepared. As a result, we confirm the developed system is effective. |
URL | http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7491560&isnumber=7491501 |
DOI | 10.1109/CyberSec.2015.18 |
Citation Key | 7491560 |