| 1. Identity statement | ||||
| Reference Type | Conference Paper (Conference Proceedings) | |||
| Site | mtc-m21b.sid.inpe.br | |||
| Holder Code | isadg {BR SPINPE} ibi 8JMKD3MGPCW/3DT298S | |||
| Identifier | 8JMKD3MGP3W34P/3LR9GLB | |||
| Repository | sid.inpe.br/mtc-m21b/2016/06.07.13.54 (restricted access) | |||
| Last Update | 2016:06.07.13.54.45 (UTC) simone | |||
| Metadata Repository | sid.inpe.br/mtc-m21b/2016/06.07.13.54.45 | |||
| Metadata Last Update | 2021:02.04.02.20.16 (UTC) administrator | |||
| Secondary Key | INPE--PRE/ | |||
| DOI | 10.1117/12.2223968 | |||
| Citation Key | CamiloGregSant:2016:IdCoSy | |||
| Title | Identifying compromised systems through correlation of suspicious traffic from malware behavioral analysis  | |||
| Year | 2016 | |||
| Access Date | 2024, May 19 | |||
| Secondary Type | PRE CI | |||
| Number of Files | 1 | |||
| Size | 1577 KiB | |||
| 2. Context | ||||
| Author | 1 Camilo, Ana Ercilia Fernandes 2 Gregio, André 3 Santos, Rafael Duarte Coelho dos | |||
| Resume Identifier | 1 2 3 8JMKD3MGP5W/3C9JJ4N | |||
| Group | 1 CRH-CRH-INPE-MCTI-GOV-BR 2 3 LAC-CTE-INPE-MCTI-GOV-BR | |||
| Affiliation | 1 Instituto Nacional de Pesquisas Espaciais (INPE) 2 Centro de Tencologia da Informaçaõ 3 Instituto Nacional de Pesquisas Espaciais (INPE) | |||
| Author e-Mail Address | 1 ana.camilo@inpe.br 2 andre.gregio@cti.gov.br 3 rafael.santos@inpe.br | |||
| Editor | Ternovskiy, Igor V. Chin, Peter | |||
| Conference Name | Cyber Sensing 2016 | |||
| Conference Location | Baltimore, Maryland | |||
| Date | 17 Apr. | |||
| Publisher | SPIE | |||
| Book Title | Proceedings | |||
| History (UTC) | 2016-06-07 13:55:07 :: simone -> administrator :: 2016 2021-02-04 02:20:16 :: administrator -> simone :: 2016 | |||
| 3. Content and structure | ||||
| Is the master or a copy? | is the master | |||
| Content Stage | completed | |||
| Transferable | 1 | |||
| Content Type | External Contribution | |||
| Abstract | Malware detection may be accomplished through the analysis of their infection behavior. To do so, dynamic analysis systems run malware samples and extract their operating system activities and network traffic. This traffic may represent malware accessing external systems, either to steal sensitive data from victims or to fetch other malicious artifacts (configuration files, additional modules, commands). In this work, we propose the use of visualization as a tool to identify compromised systems based on correlating malware communications in the form of graphs and finding isomorphisms between them. We produced graphs from over 6 thousand distinct network traffic files captured during malware execution and analyzed the existing relationships among malware samples and IP addresses. | |||
| Area | COMP | |||
| Arrangement 1 | urlib.net > BDMCI > Fonds > Produção anterior à 2021 > LABAC > Identifying compromised systems... | |||
| Arrangement 2 | Identifying compromised systems... | |||
| doc Directory Content | access | |||
| source Directory Content | there are no files | |||
| agreement Directory Content |
| |||
| 4. Conditions of access and use | ||||
| Language | en | |||
| Target File | camilo_identifying.pdf | |||
| User Group | simone | |||
| Reader Group | administrator simone | |||
| Visibility | shown | |||
| Read Permission | deny from all and allow from 150.163 | |||
| Update Permission | not transferred | |||
| 5. Allied materials | ||||
| Mirror Repository | urlib.net/www/2011/03.29.20.55 | |||
| Next Higher Units | 8JMKD3MGPCW/3ESGTTP 8JMKD3MGPCW/3EUL8TL | |||
| Citing Item List | sid.inpe.br/bibdigital/2013/10.06.00.30 2 sid.inpe.br/mtc-m21/2012/07.13.14.58.32 1 | |||
| Host Collection | sid.inpe.br/mtc-m21b/2013/09.26.14.25.20 | |||
| 6. Notes | ||||
| Notes | Proceedings of the SPIE, v.9826 | |||
| Empty Fields | archivingpolicy archivist callnumber copyholder copyright creatorhistory descriptionlevel dissemination e-mailaddress edition format isbn issn keywords label lineage mark nextedition numberofvolumes orcid organization pages parameterlist parentrepositories previousedition previouslowerunit progress project publisheraddress rightsholder schedulinginformation secondarydate secondarymark serieseditor session shorttitle sponsor subject tertiarymark tertiarytype type url versiontype volume | |||
| 7. Description control | ||||
| e-Mail (login) | simone | |||
| update | ||||