DocumentCode :
1730484
Title :
The method of detecting malware-infected hosts analyzing firewall and proxy logs
Author :
Kamiya, Kazunori ; Aoki, Kazufumi ; Nakata, Kensuke ; Sato, Toru ; Kurakami, Hiroshi ; Tanikawa, Masaki
fYear :
2015
Firstpage :
1
Lastpage :
3
Abstract :
In this paper, we propose a detection method that analyzes firewall logs as well as proxy logs. This method detects infected hosts by using both a TCP/IP-based malicious list and an HTTP-based malicious list. All of the malicious lists are automatically generated by dynamic analysis of malware and training with network traffic logs.
Keywords :
invasive software; telecommunication traffic; HTTP; TCP-IP; dynamic analysis; firewall logs; malicious lists; malware-infected host detection; network traffic logs; proxy logs; Accuracy; Data mining; Firewalls (computing); Malware; Protocols;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information and Telecommunication Technologies (APSITT), 2015 10th Asia-Pacific Symposium on
Conference_Location :
Colombo
Type :
conf
DOI :
10.1109/APSITT.2015.7217113
Filename :
7217113