[go: up one dir, main page]

Mimura et al., 2017 - Google Patents

A practical experiment of the HTTP-based RAT detection method in proxy server logs

Mimura et al., 2017

Document ID
13673907093523656288
Author
Mimura M
Otsubo Y
Tanaka H
Tanaka H
Publication year
Publication venue
2017 12th Asia Joint Conference on Information Security (AsiaJCIS)

External Links

Snippet

Detecting RAT (Remote Access Trojan or Remote Administration Tool) used in APT (Advanced Persistent Threat) attacks is a challenging task. Many previous methods to detect RATs on the network require monitoring all network traffic. However, it is difficult to keep all …
Continue reading at ieeexplore.ieee.org (other versions)

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRICAL DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRICAL DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/563Static detection by source code analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1483Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRICAL DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/0218Distributed architectures, e.g. distributed firewalls

Similar Documents

Publication Publication Date Title
Anderson et al. Deciphering malware’s use of TLS (without decryption)
US11102223B2 (en) Multi-host threat tracking
Prasse et al. Malware detection by analysing network traffic with neural networks
US8561188B1 (en) Command and control channel detection with query string signature
US11153330B1 (en) Detection of DNS (domain name system) tunneling and exfiltration through DNS query analysis
Csikor et al. Privacy of DNS-over-HTTPS: Requiem for a Dream?
EP2901612A2 (en) Apparatus, system and method for identifying and mitigating malicious network threats
US20220191223A1 (en) System and Method for Intrusion Detection of Malware Traffic based on Feature Information
Mimura et al. A practical experiment of the HTTP-based RAT detection method in proxy server logs
Fachkha et al. Investigating the dark cyberspace: Profiling, threat-based analysis and correlation
Thomas Improving intrusion detection for imbalanced network traffic
Sammour et al. DNS tunneling: A review on features
Lamprakis et al. Unsupervised detection of APT C&C channels using web request graphs
Kovanen et al. Survey: Intrusion detection systems in encrypted traffic
US20180375884A1 (en) Detecting user behavior activities of interest in a network
Almousa et al. Identification of ransomware families by analyzing network traffic using machine learning techniques
Yang et al. Detecting DNS tunnels using session behavior and random forest method
Wang et al. Behavior‐based botnet detection in parallel
Abdulla et al. Employing machine learning algorithms to detect unknown scanning and email worms.
Moure-Garrido et al. Detecting malicious use of doh tunnels using statistical traffic analysis
US20240430287A1 (en) System and method for locating dga compromised ip addresses
Nikolaev et al. Exploit kit website detection using http proxy logs
Seo et al. Abnormal behavior detection to identify infected systems using the APChain algorithm and behavioral profiling
Jingping et al. Detection and recognition of atomic evasions against network intrusion detection/prevention systems
Niu et al. HTTP‐Based APT Malware Infection Detection Using URL Correlation Analysis