Abstract
Network monitoring systems that detect, analyze and counter malicious activities are becoming increasingly important. Because malware such as worms, viruses, and bots can inflict significant damage on both the infrastructure and the end user, technologies for identifying such propagating malware are in great demand. In a large-scale darknet monitoring operation, we observe that malware exhibits various kinds of scan patterns, i.e. ways of choosing destination IP addresses. Focusing on such scan patterns, this paper proposes a novel concept of malware feature extraction and a distinct analysis method named "SPectrum Analysis for Distinction and Extraction of malware features (SPADE)". Through several evaluations using real scan traffic, we show that SPADE has the significant advantage of recognizing the similarities and dissimilarities between the same and different types of malware.
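The abstract says only that SPADE applies spectrum analysis to the destination-address choices of a scanner. The following is an added illustration of that idea, not the paper's own code or the SPADE algorithm: it treats the ordered list of destination IPv4 addresses a sensor logs from one source as a signal, takes its magnitude spectrum, and compares spectra with cosine similarity. The traces, the integer encoding of addresses, the mean removal and the similarity measure are all assumptions made here for the example.

```python
import cmath
import ipaddress
import math
import random

# Constructed sample traces (not from the paper): the ordered destination
# addresses one scanning source sent probes to, as a darknet sensor would log
# them. 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
def sequential_trace(base, n):
    """Scanner that walks addresses in order: base, base+1, base+2, ..."""
    b = int(ipaddress.IPv4Address(base))
    return [str(ipaddress.IPv4Address(b + i)) for i in range(n)]

def random_trace(base, n, seed):
    """Scanner that picks addresses uniformly inside a /16 (seeded PRNG)."""
    rng = random.Random(seed)
    b = int(ipaddress.IPv4Address(base))
    return [str(ipaddress.IPv4Address(b + rng.randrange(1 << 16))) for _ in range(n)]

def spectrum(trace):
    """Unit-length one-sided magnitude spectrum of the address sequence.
    Assumption: addresses are treated as 32-bit integers and the mean is
    removed, so the scanner's base address does not dominate the DC bin and
    two sequential scanners of different networks yield the same spectrum."""
    x = [int(ipaddress.IPv4Address(a)) for a in trace]
    n = len(x)
    mu = sum(x) / n
    x = [v - mu for v in x]
    mags = []
    for k in range(1, n // 2 + 1):  # bin 0 is skipped: zero after mean removal
        xk = sum(x[t] * cmath.exp(-2j * math.pi * k * t / n) for t in range(n))
        mags.append(abs(xk))
    norm = math.sqrt(sum(m * m for m in mags)) or 1.0
    return [m / norm for m in mags]

def similarity(trace_a, trace_b):
    """Cosine similarity of two spectra: 1.0 means identical scan shape,
    values near 0 mean the scanners choose targets very differently."""
    sa, sb = spectrum(trace_a), spectrum(trace_b)
    return sum(a * b for a, b in zip(sa, sb))

if __name__ == "__main__":
    seq_a = sequential_trace("192.0.2.0", 64)
    seq_b = sequential_trace("198.51.100.0", 64)
    rnd = random_trace("192.0.2.0", 64, seed=7)
    print("sequential vs sequential:", round(similarity(seq_a, seq_b), 3))
    print("sequential vs random:    ", round(similarity(seq_a, rnd), 3))
```

Two sequential scanners of different networks score 1.0 because the shape of the spectrum, not the absolute addresses, is compared; a random scanner's flat, noisy spectrum scores clearly lower against the ramp-shaped spectrum of a sequential one.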
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
Cite this paper
Eto, M., Sonoda, K., Inoue, D., Yoshioka, K., Nakao, K. (2009). A Proposal of Malware Distinction Method Based on Scan Patterns Using Spectrum Analysis. In: Leung, C.S., Lee, M., Chan, J.H. (eds) Neural Information Processing. ICONIP 2009. Lecture Notes in Computer Science, vol 5864. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10684-2_63
DOI: https://doi.org/10.1007/978-3-642-10684-2_63
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10682-8
Online ISBN: 978-3-642-10684-2