Proposal and Evaluation of Cyber Defense System Using Blacklist Refined Based on Authentication Results

In recent years, the damage from cyber attacks caused by sophisticated malware has continuously increased. It is therefore becoming more difficult to take countermeasures using traditional approaches such as antivirus and firewall products. Against the intrusion of malware, we propose an automated countermeasure system named Autonomous Evolution of Defense, which mitigates the risk of actual damage by controlling the malware's internet connection and, in addition, optimizes the system's operating conditions. The system takes countermeasures immediately to mitigate risk without causing disruptive effects on business. However, a graylist of malicious addresses generated by malware analysis systems contains many false-positive addresses, which makes it very "noisy" as a basis for blocking access. We therefore propose a new technique that uses image authentication to improve the accuracy of the unreliable graylist of addresses. We report here on the implementation of our system and the results of its evaluation.
