Blacklist-based Malicious IP Traffic Detection

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F15%3A00080509" target="_blank" >RIV/00216224:14330/15:00080509 - isvavai.cz</a>

Výsledek na webu

<a href="http://dx.doi.org/10.1109/GCCT.2015.7342657" target="_blank" >http://dx.doi.org/10.1109/GCCT.2015.7342657</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1109/GCCT.2015.7342657" target="_blank" >10.1109/GCCT.2015.7342657</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Blacklist-based Malicious IP Traffic Detection

Popis výsledku v původním jazyce

At present malicious software or malware has increased considerably to form a serious threat to Internet infrastructure. It becomes the major source of most malicious activities on the Internet such as direct attacks, (distributed) denial-of-service (DOS) activities and scanning. Infected machines may join a botnet and can be used as remote attack tools to perform malicious activities controlled by the botmaster. In this paper we present our methodology for detecting any connection to or from maliciousIP address which is expected to be command and control (C&amp;C) server. Our detection method is based on a blacklist of malicious IPs. This blacklist is formed based on different intelligence feeds at once. We process the network traffic and match the source and destination IP addresses of each connection with IP blacklist. The intelligence feeds are automatically updated each day and the detection is in the real time.

Název v anglickém jazyce

Blacklist-based Malicious IP Traffic Detection

Popis výsledku anglicky

At present malicious software or malware has increased considerably to form a serious threat to Internet infrastructure. It becomes the major source of most malicious activities on the Internet such as direct attacks, (distributed) denial-of-service (DOS) activities and scanning. Infected machines may join a botnet and can be used as remote attack tools to perform malicious activities controlled by the botmaster. In this paper we present our methodology for detecting any connection to or from maliciousIP address which is expected to be command and control (C&amp;C) server. Our detection method is based on a blacklist of malicious IPs. This blacklist is formed based on different intelligence feeds at once. We process the network traffic and match the source and destination IP addresses of each connection with IP blacklist. The intelligence feeds are automatically updated each day and the detection is in the real time.

Druh

D - Stať ve sborníku

CEP obor

IN - Informatika

OECD FORD obor

—

Projekt

<a href="/cs/project/OFMASUN201301" target="_blank" >OFMASUN201301: CIRC - Mobilní dedikované zařízení pro naplňování schopností reakce na počítačové incidenty</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2015

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings of Global Conference on Communication Technologies (GCCT)

ISBN

9781479985531

ISSN

—

e-ISSN

—

Počet stran výsledku

5

Strana od-do

229-233

Název nakladatele

IEEE Xplore Digital Library

Místo vydání

Thuckalay, India

Místo konání akce

Thuckalay, India

Datum konání akce

23. 4. 2015

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—