Shota Fujii, Takayuki Sato, Sho Aoki, Yu Tsuda, Y. Okano, Tomohiro Shigemoto, N. Kawaguchi, M. Terada
{"title":"Continuous and Multiregional Monitoring of Malicious Hosts","authors":"Shota Fujii, Takayuki Sato, Sho Aoki, Yu Tsuda, Y. Okano, Tomohiro Shigemoto, N. Kawaguchi, M. Terada","doi":"10.1145/3372297.3420018","DOIUrl":null,"url":null,"abstract":"The number of cybersecurity threats has been increasing, and these threats have become more sophisticated year after year. Malicious hosts play a large role in modern cyberattacks, e.g., as a launcher of remote-control attacks or as a receiver of stolen information. In such circumstances, continuous monitoring of malicious hosts (URL/IP addresses) is indispensable to reveal cyberattack activities, and many studies have been conducted on that. However, many of them have limitations: they help only in the short-term or they help only a few regions and/or a few organizations. Therefore, we cannot effectively monitor attacks that are active for only a short time or that change their behavior depending on where the victims are from (e.g., country/organization). In this paper, we propose Stargazer, a program that monitors malicious hosts from multiple points on a long-term basis. Multiregional monitoring sensors and inter-organizational collaboration are conducted to achieve this surveillance. In this paper, we describe an implementation of the Stargazer prototype and how monitoring was carried out using multiregional sensors starting in Dec. 2018 of 1,050 malicious hosts; 10,929,418 measurements were obtained. Case studies on (1) revived hosts, (2) hosts that only respond to specific regions, and (3) the behavior of attack preparation were created.","PeriodicalId":20481,"journal":{"name":"Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security","volume":"36 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2020-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3372297.3420018","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
Abstract
The number of cybersecurity threats has been increasing, and these threats have become more sophisticated year after year. Malicious hosts play a large role in modern cyberattacks, e.g., as a launcher of remote-control attacks or as a receiver of stolen information. In such circumstances, continuous monitoring of malicious hosts (URL/IP addresses) is indispensable to reveal cyberattack activities, and many studies have been conducted on that. However, many of them have limitations: they help only in the short-term or they help only a few regions and/or a few organizations. Therefore, we cannot effectively monitor attacks that are active for only a short time or that change their behavior depending on where the victims are from (e.g., country/organization). In this paper, we propose Stargazer, a program that monitors malicious hosts from multiple points on a long-term basis. Multiregional monitoring sensors and inter-organizational collaboration are conducted to achieve this surveillance. In this paper, we describe an implementation of the Stargazer prototype and how monitoring was carried out using multiregional sensors starting in Dec. 2018 of 1,050 malicious hosts; 10,929,418 measurements were obtained. Case studies on (1) revived hosts, (2) hosts that only respond to specific regions, and (3) the behavior of attack preparation were created.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
