Title :
nicter: An Incident Analysis System Toward Binding Network Monitoring with Malware Analysis
Author :
Inoue, Daisuke ; Eto, Masashi ; Yoshioka, Katsunari ; Baba, Shunsuke ; Suzuki, Kazuya ; Nakazato, Junji ; Ohtaka, Kazuhiro ; Nakao, Koji
Author_Institution :
Nat. Inst. of Inf. & Commun. Technol., Tokyo
Abstract :
We have been developing the Network Incident analysis Center for Tactical Emergency Response (nicter), whose present focus is on detecting and identifying propagating malwares such as worms, viruses, and bots. The nicter presently monitors darknet, a set of unused IP addresses, to observe macroscopic trends of network threats. Meantime, it keeps capturing and analyzing malware executables in the wild for their microscopic analysis. Finally, these macroscopic and microscopic analysis results are correlated in order to identify the root cause of the detected network threats. This paper describes a brief overview of the nicter, and possible contributions to the worldwide observatory of malicious behavior and attack tools (WOMBAT).
Keywords :
Internet; invasive software; binding network monitoring; bots; incident analysis system; macroscopic analysis; malware analysis; microscopic analysis; network incident analysis center for tactical emergency response; network threats; unused IP addresses; viruses; worldwide observatory of malicious behavior and attack tools; worms; Computer worms; Detectors; Information analysis; Information security; Microscopy; Microwave integrated circuits; Monitoring; Observatories; Pattern analysis; Search engines; Incident Analysis; Malware Analysis; Network Monitoring; nicter;
Conference_Title :
Information Security Threats Data Collection and Sharing, 2008. WISTDCS '08. WOMBAT Workshop on
Conference_Location :
Amsterdam
Print_ISBN :
978-0-7695-3347-6
DOI :
10.1109/WISTDCS.2008.14