A method of detecting abnormal malicious remote control codes using network domain information

Hyung Geun Oh; Jung Taek Seo; Jong In Lim; Jong Sub Moon

A method of detecting abnormal malicious remote control codes using network domain information

Hyung Geun Oh, Jung Taek Seo, Jong In Lim, Jong Sub Moon

School of Cybersecurity

Research output: Contribution to journal › Article › peer-review

Abstract

Since the malicious code used in the latest APT (Advanced Persistent Threat) attacks new, hitherto unknown security vulnerabilities, it is almost impossible to detect with: the conventional pattern-based information security system. Consequently, various targeted attacks such as internal data leakage and system demolition have inflicted great damage, thereby raising the need for a new concept of malicious code detection. This paper proposes a new method of detecting abnormal connections by observing the status of connection of an attack system connected to a target system over the network. This method can detect the connection of new malicious codes very efficiently using only the existing network data, and can intercept the leakage of internal data or the transfer of attack commands.

Original language	English
Pages (from-to)	2181-2192
Number of pages	12
Journal	Information
Volume	15
Issue number	5
Publication status	Published - 2012 May

Keywords

Abnormal malicious code
Abnormal network connection
Domain name information
Extrusion detection
Intrusion detection
Remote control malware

ASJC Scopus subject areas

Information Systems

Cite this

@article{6bf8574aa8c34f20b001f2ebbf013ce1,

title = "A method of detecting abnormal malicious remote control codes using network domain information",

abstract = "Since the malicious code used in the latest APT (Advanced Persistent Threat) attacks new, hitherto unknown security vulnerabilities, it is almost impossible to detect with: the conventional pattern-based information security system. Consequently, various targeted attacks such as internal data leakage and system demolition have inflicted great damage, thereby raising the need for a new concept of malicious code detection. This paper proposes a new method of detecting abnormal connections by observing the status of connection of an attack system connected to a target system over the network. This method can detect the connection of new malicious codes very efficiently using only the existing network data, and can intercept the leakage of internal data or the transfer of attack commands.",

keywords = "Abnormal malicious code, Abnormal network connection, Domain name information, Extrusion detection, Intrusion detection, Remote control malware",

author = "Oh, {Hyung Geun} and Seo, {Jung Taek} and Lim, {Jong In} and Moon, {Jong Sub}",

year = "2012",

month = may,

language = "English",

volume = "15",

pages = "2181--2192",

journal = "Information (Japan)",

issn = "1343-4500",

publisher = "International Information Institute",

number = "5",

}

TY - JOUR

T1 - A method of detecting abnormal malicious remote control codes using network domain information

AU - Oh, Hyung Geun

AU - Seo, Jung Taek

AU - Lim, Jong In

AU - Moon, Jong Sub

PY - 2012/5

Y1 - 2012/5

N2 - Since the malicious code used in the latest APT (Advanced Persistent Threat) attacks new, hitherto unknown security vulnerabilities, it is almost impossible to detect with: the conventional pattern-based information security system. Consequently, various targeted attacks such as internal data leakage and system demolition have inflicted great damage, thereby raising the need for a new concept of malicious code detection. This paper proposes a new method of detecting abnormal connections by observing the status of connection of an attack system connected to a target system over the network. This method can detect the connection of new malicious codes very efficiently using only the existing network data, and can intercept the leakage of internal data or the transfer of attack commands.

AB - Since the malicious code used in the latest APT (Advanced Persistent Threat) attacks new, hitherto unknown security vulnerabilities, it is almost impossible to detect with: the conventional pattern-based information security system. Consequently, various targeted attacks such as internal data leakage and system demolition have inflicted great damage, thereby raising the need for a new concept of malicious code detection. This paper proposes a new method of detecting abnormal connections by observing the status of connection of an attack system connected to a target system over the network. This method can detect the connection of new malicious codes very efficiently using only the existing network data, and can intercept the leakage of internal data or the transfer of attack commands.

KW - Abnormal malicious code

KW - Abnormal network connection

KW - Domain name information

KW - Extrusion detection

KW - Intrusion detection

KW - Remote control malware

UR - http://www.scopus.com/inward/record.url?scp=84863213413&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:84863213413

SN - 1343-4500

VL - 15

SP - 2181

EP - 2192

JO - Information (Japan)

JF - Information (Japan)

IS - 5

ER -

A method of detecting abnormal malicious remote control codes using network domain information

Abstract

Keywords

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this