A method of detecting abnormal malicious remote control codes using network domain information

Hyung Geun Oh, Jung Taek Seo, Jong In Lim, Jong Sub Moon

    Research output: Contribution to journal › Article › peer-review

    Abstract

    Since the malicious code used in the latest APT (Advanced Persistent Threat) attacks exploits new, hitherto unknown security vulnerabilities, it is almost impossible to detect with the conventional pattern-based information security system. Consequently, various targeted attacks such as internal data leakage and system demolition have inflicted great damage, thereby raising the need for a new concept of malicious code detection. This paper proposes a new method of detecting abnormal connections by observing the connection status of an attack system connected to a target system over the network. This method can detect the connection of new malicious codes very efficiently using only the existing network data, and can intercept the leakage of internal data or the transfer of attack commands.

    Original language: English
    Pages (from-to): 2181-2192
    Number of pages: 12
    Journal: Information
    Volume: 15
    Issue number: 5
    Publication status: Published - 2012 May

    Keywords

    • Abnormal malicious code
    • Abnormal network connection
    • Domain name information
    • Extrusion detection
    • Intrusion detection
    • Remote control malware

    ASJC Scopus subject areas

    • Information Systems
