Mimura et al., 2017 - Google Patents
A practical experiment of the HTTP-based RAT detection method in proxy server logsMimura et al., 2017
- Document ID
- 13673907093523656288
- Author
- Mimura M
- Otsubo Y
- Tanaka H
- Tanaka H
- Publication year
- Publication venue
- 2017 12th Asia Joint Conference on Information Security (AsiaJCIS)
External Links
Snippet
Detecting RAT (Remote Access Trojan or Remote Administration Tool) used in APT (Advanced Persistent Threat) attacks is a challenging task. Many previous methods to detect RATs on the network require monitoring all network traffic. However, it is difficult to keep all …
- 241000700159 Rattus 0 title abstract description 77
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Anderson et al. | Deciphering malware’s use of TLS (without decryption) | |
US11102223B2 (en) | Multi-host threat tracking | |
Prasse et al. | Malware detection by analysing network traffic with neural networks | |
US8561188B1 (en) | Command and control channel detection with query string signature | |
US11153330B1 (en) | Detection of DNS (domain name system) tunneling and exfiltration through DNS query analysis | |
Csikor et al. | Privacy of DNS-over-HTTPS: Requiem for a Dream? | |
EP2901612A2 (en) | Apparatus, system and method for identifying and mitigating malicious network threats | |
US20220191223A1 (en) | System and Method for Intrusion Detection of Malware Traffic based on Feature Information | |
Mimura et al. | A practical experiment of the HTTP-based RAT detection method in proxy server logs | |
Fachkha et al. | Investigating the dark cyberspace: Profiling, threat-based analysis and correlation | |
Thomas | Improving intrusion detection for imbalanced network traffic | |
Sammour et al. | DNS tunneling: A review on features | |
Lamprakis et al. | Unsupervised detection of APT C&C channels using web request graphs | |
Kovanen et al. | Survey: Intrusion detection systems in encrypted traffic | |
US20180375884A1 (en) | Detecting user behavior activities of interest in a network | |
Almousa et al. | Identification of ransomware families by analyzing network traffic using machine learning techniques | |
Yang et al. | Detecting DNS tunnels using session behavior and random forest method | |
Wang et al. | Behavior‐based botnet detection in parallel | |
Abdulla et al. | Employing machine learning algorithms to detect unknown scanning and email worms. | |
Moure-Garrido et al. | Detecting malicious use of doh tunnels using statistical traffic analysis | |
US20240430287A1 (en) | System and method for locating dga compromised ip addresses | |
Nikolaev et al. | Exploit kit website detection using http proxy logs | |
Seo et al. | Abnormal behavior detection to identify infected systems using the APChain algorithm and behavioral profiling | |
Jingping et al. | Detection and recognition of atomic evasions against network intrusion detection/prevention systems | |
Niu et al. | HTTP‐Based APT Malware Infection Detection Using URL Correlation Analysis |