Abstract
More recently, botnet-based cyber attacks, including a spam mail or a DDos attack, have sharply increased, which poses a fatal threat to Internet services. At present, antivirus businesses make it top priority to detect malicious code in the shortest time possible (Lv.2), based on the graph showing a relation between spread of malicious code and time, which allows them to detect after malicious code occurs. Despite early detection, however, it is not possible to prevent malicious code from occurring. Thus, we have developed an algorithm that can detect precursor symptoms at Lv.1 to prevent a cyber attack using an evasion method of ‘an executing environment aware attack’ by analyzing system behaviors and monitoring memory.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Grizzard, J.B., et al.: Peer-to-Peer Botnets: Overview and Case Study (2002), http://www.usenix.org/event/hotbots07/tech/full_papers/grizzard/grizzard_html/
Moore, D., Voelker, G., Savage, S.: Inferring internet denial-of-service activity. In: USENIX Security Symposium (2001)
Freiling, F.C., et al.: Botnet Tracking - Exploring a Root-Cause Methodology. In: di Vimercati, S.d.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 319–335. Springer, Heidelberg (2005)
Cui, W., Kannan, J., Wang, H.J.: Discoverer: automatic protocol reverse engineering from network traces. In: Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, pp. 1–14 (2007)
He, W., Hu, G., Yao, X.: Large-scale communication network behavior analysis and feature extraction using multiple motif pattern association rule mining. Wseas Transactions On Communications 8(5), 473–482 (2009)
ASEC Annual Report (2005)
Zou, C.C., Gao, L., Gong, W., Towsley, D.: Monitoring and early warning for internet worms, Department of Computer Science, Univ. of Massachusetts, Amherst, Tech. Rep. TRCSE-03-01 (2003)
Honeynet Project (2009), http://www.honeynet.org
Baker, A.: Windows NT Device Driver Book: A Guide for Programmers, with Disk with Cdrom, 2nd edn. Prentice-Hall PTR, Englewood Cliffs (1996)
Park, C., Kang, K., Kwon, Y., Jang, H., Kim, C.: Botnet Traceback Based on Honeypot Using Memory Analysis. In: 2007 Korean Institute of Information Scientists and Engineers Conference, vol. 34(1), pp. 25–28 (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jung, S., Kim, J.h., Cagalaban, G., Lim, Jh., Kim, S. (2010). Design of Cyber Attack Precursor Symptom Detection Algorithm through System Base Behavior Analysis and Memory Monitoring. In: Kim, Th., Vasilakos, T., Sakurai, K., Xiao, Y., Zhao, G., Ślęzak, D. (eds) Communication and Networking. FGCN 2010. Communications in Computer and Information Science, vol 120. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17604-3_33
Download citation
DOI: https://doi.org/10.1007/978-3-642-17604-3_33
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17603-6
Online ISBN: 978-3-642-17604-3
eBook Packages: Computer ScienceComputer Science (R0)