WEKO3
アイテム
Novel Deception Techniques for Malware Detection on Industrial Control Systems
https://ipsj.ixsq.nii.ac.jp/records/212858
https://ipsj.ixsq.nii.ac.jp/records/21285801728fea-9741-4906-9991-2bccc3ceb53c
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
IPSJ-JNL6209009.pdf (1.2 MB)
|
Copyright (c) 2021 by the Information Processing Society of Japan
|
|
| オープンアクセス | ||
| Item type | Journal(1) | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 公開日 | 2021-09-15 | |||||||||||||
| タイトル | ||||||||||||||
| タイトル | Novel Deception Techniques for Malware Detection on Industrial Control Systems | |||||||||||||
| タイトル | ||||||||||||||
| 言語 | en | |||||||||||||
| タイトル | Novel Deception Techniques for Malware Detection on Industrial Control Systems | |||||||||||||
| 言語 | ||||||||||||||
| 言語 | eng | |||||||||||||
| キーワード | ||||||||||||||
| 主題Scheme | Other | |||||||||||||
| 主題 | [特集:Society 5.0を実現するコンピュータセキュリティ技術] industrial control system (ICS), malware detection, darknet monitoring, honeypot, server message block (SMB), address resolution protocol (ARP) | |||||||||||||
| 資源タイプ | ||||||||||||||
| 資源タイプ識別子 | http://purl.org/coar/resource_type/c_6501 | |||||||||||||
| 資源タイプ | journal article | |||||||||||||
| 著者所属 | ||||||||||||||
| FUJITSU LABORATORIES LTD. | ||||||||||||||
| 著者所属 | ||||||||||||||
| FUJITSU LABORATORIES LTD. | ||||||||||||||
| 著者所属 | ||||||||||||||
| FUJITSU LABORATORIES LTD. | ||||||||||||||
| 著者所属 | ||||||||||||||
| FUJITSU LABORATORIES LTD. | ||||||||||||||
| 著者所属(英) | ||||||||||||||
| en | ||||||||||||||
| FUJITSU LABORATORIES LTD. | ||||||||||||||
| 著者所属(英) | ||||||||||||||
| en | ||||||||||||||
| FUJITSU LABORATORIES LTD. | ||||||||||||||
| 著者所属(英) | ||||||||||||||
| en | ||||||||||||||
| FUJITSU LABORATORIES LTD. | ||||||||||||||
| 著者所属(英) | ||||||||||||||
| en | ||||||||||||||
| FUJITSU LABORATORIES LTD. | ||||||||||||||
| 著者名 |
Takanori, Machida
× Takanori, Machida
× Dai, Yamamoto
× Yuki, Unno
× Hisashi, Kojima
|
|||||||||||||
| 著者名(英) |
Takanori, Machida
× Takanori, Machida
× Dai, Yamamoto
× Yuki, Unno
× Hisashi, Kojima
|
|||||||||||||
| 論文抄録 | ||||||||||||||
| 内容記述タイプ | Other | |||||||||||||
| 内容記述 | To maintain the availability of industrial control systems (ICS), it is important to robustly detect malware infection that spreads within the ICS network. In ICS, a host often communicates with the determined hosts; for instance, a supervisory control host observes and controls the same devices routinely via the network. Therefore, a communication request to the unused internet protocol (IP) address space, i.e., darknet, in the ICS network is likely to be caused by malware in the compromised host in the network. That is, darknet monitoring may enable us to detect malware that tries to spread indiscriminately within the network. On the other hand, clever malware, such as malware determining target hosts of infection with reference to host lists in the networks, infects the confined hosts in the networks, and consequently evades detection by security sensors or honeypots. In this paper, we propose novel deception techniques that lure such malware to our sensor, by embedding the sensor information continuously in the lists of hosts in the ICS networks. In addition, the feasibility of the proposed deception techniques is shown through our simplified implementation by using actual malware samples: WannaCry and Conficker. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.29(2021) (online) DOI http://dx.doi.org/10.2197/ipsjjip.29.559 ------------------------------ |
|||||||||||||
| 論文抄録(英) | ||||||||||||||
| 内容記述タイプ | Other | |||||||||||||
| 内容記述 | To maintain the availability of industrial control systems (ICS), it is important to robustly detect malware infection that spreads within the ICS network. In ICS, a host often communicates with the determined hosts; for instance, a supervisory control host observes and controls the same devices routinely via the network. Therefore, a communication request to the unused internet protocol (IP) address space, i.e., darknet, in the ICS network is likely to be caused by malware in the compromised host in the network. That is, darknet monitoring may enable us to detect malware that tries to spread indiscriminately within the network. On the other hand, clever malware, such as malware determining target hosts of infection with reference to host lists in the networks, infects the confined hosts in the networks, and consequently evades detection by security sensors or honeypots. In this paper, we propose novel deception techniques that lure such malware to our sensor, by embedding the sensor information continuously in the lists of hosts in the ICS networks. In addition, the feasibility of the proposed deception techniques is shown through our simplified implementation by using actual malware samples: WannaCry and Conficker. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.29(2021) (online) DOI http://dx.doi.org/10.2197/ipsjjip.29.559 ------------------------------ |
|||||||||||||
| 書誌レコードID | ||||||||||||||
| 収録物識別子タイプ | NCID | |||||||||||||
| 収録物識別子 | AN00116647 | |||||||||||||
| 書誌情報 |
情報処理学会論文誌 巻 62, 号 9, 発行日 2021-09-15 |
|||||||||||||
| ISSN | ||||||||||||||
| 収録物識別子タイプ | ISSN | |||||||||||||
| 収録物識別子 | 1882-7764 | |||||||||||||
