DocumentCode
569037
Title
Geographical Visualization of Malware Download for Anomaly Detection
Author
Hiroguchi, Naoki ; Kikuchi, Hiroaki ; Sisaat, Khamphao ; Kittitornkun, Surin
Author_Institution
Grad. Sch. of Eng., Tokai Univ., Hiratsuka, Japan
fYear
2012
fDate
9-10 Aug. 2012
Firstpage
74
Lastpage
78
Abstract
We study a linkage between attacks in cyberspace and incidents in our real world. For example, the Internet had been closed down in Egypt to prevent protests against President Hosni Mubarak. Meanwhile, for more than two weeks we observed that no port-scan packets were sent from Egypt to Japan. This motivates us in this study to find any incident between botnet attacks, in which many vulnerable servers were involved, and the real events that occurred in the world. For this purpose, we developed the virtualization system on Google Earth service for plotting source IP addresses of botnet communications. We investigated the actual malware downloading events observed by more than 70 distributed honeypots in the Japanese backbone network. In order to automate the detection process, we study some anomaly detection schemes based on the entropy of honeypot activities. Our analysis shows some evidence that botnet attacks are involved in our real world.
Keywords
IP networks; Internet; data visualisation; geographic information systems; invasive software; Google Earth service; IP address; Internet; anomaly detection; botnet attacks; botnet communications; cyberspace; geographical visualization; malware download; Cities and towns; Earth; Educational institutions; Google; IP networks; Malware; Servers; Botnet; Malware;
fLanguage
English
Publisher
ieee
Conference_Titel
Information Security (Asia JCIS), 2012 Seventh Asia Joint Conference on
Conference_Location
Tokyo
Print_ISBN
978-1-4673-2261-4
Electronic_ISBN
978-0-7695-4776-3
Type
conf
DOI
10.1109/AsiaJCIS.2012.20
Filename
6298138