Development of a Detection and Responding System for Malware Communications by Using OpenFlow and Its Evaluation
暂无分享,去创建一个
Advanced Persistent Threat (APT) attacks, which have become prevalent in recent years, are classified into four phases. These are initial compromise phase, attacking infrastructure building phase, penetration and exploration phase, and mission execution phase. The malware on infected terminals attempts various communications on and after the attacking infrastructure building phase. In this research, using OpenFlow technology for virtual networks, we developed a system of identifying infected terminals by detecting communication events of malware communications in APT attacks. In addition, we prevent information fraud by using OpenFlow, which works as real-time path control. To evaluate our system, we executed malware infection experiments with a simulation tool for APT attacks and malware samples. In these experiments, an existing network using only entry control measures was prepared. As a result, we confirm the developed system is effective.
[1] Bing Wang,et al. Malware Detection for Mobile Devices Using Software-Defined Networking , 2013, 2013 Second GENI Research and Educational Experiment Workshop.
[2] Hung-Hsuan Huang,et al. Dynamic Isolation of Network Devices Using OpenFlow for Keeping LAN Secure from Intra-LAN Attack , 2013, KES.