Paper Abstract and Keywords |
Presentation |
2015-03-04 10:50
Prediction of Malware Activities based on Loopback Address from DNS
Masaki Kamizono (NICT/SecureBrain), Takashi Tomine, Yu Tsuda, Masashi Eto (NICT), Yuji Hoshizawa (Securebrain Corporation), Daisuke Inoue (NICT), Katsunari Yoshioka, Tsutomu Matsumoto (ynu)
ICSS2014-80 |
Abstract |
(in Japanese) |
(See Japanese page) |
(in English) |
During malware dynamic analysis, the analysis system often finds the loopback address in responses to DNS name resolution. These responses are the result of a countermeasure by service providers, who mitigate malicious activities by disabling resolution of malicious host names. Meanwhile, recent attackers control malware by applying the loopback address to deactivate it as well as applying actual IP addresses to reactivate it. This research proposes a system that observes DNS responses containing the loopback address and analyses the observed responses. Additionally, by focusing on a change of the loopback address in a DNS response, this research verifies the efficiency of dynamic analysis by comparing analysis results before and after the change of the DNS response. Based on the verification, this paper considers a method which derives emerging malicious sites and FQDNs. |
Keyword |
(in Japanese) |
(See Japanese page) |
(in English) |
Malware / Malware Dynamic Analysis / DNS / Loopback Address |
Reference Info. |
IEICE Tech. Rep., vol. 114, no. 489, ICSS2014-80, pp. 103-108, March 2015. |
Paper # |
ICSS2014-80 |
Date of Issue |
2015-02-24 (ICSS) |
ISSN |
Print edition: ISSN 0913-5685 Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |