NTT R&D s anti-malware technologies



Similar documents
Anti-Malware Technologies


Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking

SPEAR PHISHING AN ENTRY POINT FOR APTS

LASTLINE WHITEPAPER. Large-Scale Detection of Malicious Web Pages

you us MSSP are a Managed Security Service Provider looking to offer Advanced Malware Protection Services

Memory Forensics & Security Analytics: Detecting Unknown Malware

Detecting Unknown Malware: Security Analytics & Memory Forensics. Fahad Ehsan. Cyber Security #RSAC

Next Generation IPS and Reputation Services

IBM Advanced Threat Protection Solution

Scaling Big Data Mining Infrastructure: The Smart Protection Network Experience

Streamlining Web and Security

Unified Security Management and Open Threat Exchange

Secure Your Mobile Workplace

Data Driven Assessment of Cyber Risk:

CSIS Security Research and Intelligence Research paper: Threats when using Online Social Networks Date: 16/

GRC & Cyber Security Conference - Bringing the Silos Together ISACA Ireland 3 Oct 2014 Fahad Ehsan

McAfee Network Security Platform

EVILSEED: A Guided Approach to Finding Malicious Web Pages

Trend Micro Incorporated Research Paper Adding Android and Mac OS X Malware to the APT Toolbox

McAfee Endpoint Protection for SMB. You grow your business. We keep it secure.

Studying Security Weaknesses of Android System

Big Data in Action: Behind the Scenes at Symantec with the World s Largest Threat Intelligence Data

Deep Security Vulnerability Protection Summary

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

VESZPROG ANTI-MALWARE TEST BATTERY

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth

Cyber Security. Securing Your Mobile and Online Banking Transactions

Botnets: The Advanced Malware Threat in Kenya's Cyberspace

SourceFireNext-Generation IPS

FAKE ANTIVIRUS MALWARE This information has come from - a very useful resource if you are having computer issues.

Internet Explorer Exploit Protection ENTERPRISE BRIEFING REPORT

Achieving Actionable Situational Awareness... McAfee ESM. Ad Quist, Sales Engineer NEEUR

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data

The Dark Side of Trusting Web Searches From Blackhat SEO to System Infection

User Documentation Web Traffic Security. University of Stavanger

Fighting Advanced Threats

Protecting the Infrastructure: Symantec Web Gateway

How To Understand What A Virus Is And How To Protect Yourself From A Virus

場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR

Computer Security Maintenance Information and Self-Check Activities

How Attackers are Targeting Your Mobile Devices. Wade Williamson

Design Your Security

WildFire Overview. WildFire Administrator s Guide 1. Copyright Palo Alto Networks

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Advanced Threat Detection: Necessary but Not Sufficient The First Installment in the Blinded By the Hype Series

Cisco IPS Tuning Overview

SPEAR PHISHING UNDERSTANDING THE THREAT

EXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY

WordPress Security Scan Configuration

About Botnet, and the influence that Botnet gives to broadband ISP

Office 365 Cloud App Security MARKO DJORDJEVIC CLOUD BUSINESS LEAD EE TREND MICRO EMEA LTD.

Transaction Anomaly Protection Stopping Malware At The Door. White Paper

Security Intelligence Services.

Windows Server 2003 End of Support. What does it mean? What are my options?

HoneyBOT User Guide A Windows based honeypot solution

Internet Monitoring via DNS Traffic Analysis. Wenke Lee Georgia Institute of Technology

WHY DOES MY SPEED MONITORING GRAPH SHOW -1 IN THE TOOLTIP? 2 HOW CAN I CHANGE MY PREFERENCES FOR UPTIME AND SPEED MONITORING 2

THREAT VISIBILITY & VULNERABILITY ASSESSMENT

Environment. Attacks against physical integrity that can modify or destroy the information, Unauthorized use of information.

ReadySpace Limited Unit J, 16/F Reason Group Tower, Castle PeakRoad, Kwai Chung, N.T.

Internet threats: steps to security for your small business

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data

Operation Liberpy : Keyloggers and information theft in Latin America

McAfee Web Gateway Administration Intel Security Education Services Administration Course Training

Lecture Embedded System Security A. R. Darmstadt, Introduction Mobile Security

DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014

PERDIX: A FRAMEWORK FOR REALTIME BEHAVIORAL EVALUATION OF SECURITY THREATS IN CLOUD COMPUTING ENVIRONMENT

Mobile App Reputation

Cisco Advanced Malware Protection

Compliance Guide ISO Compliance Guide. September Contents. Introduction 1. Detailed Controls Mapping 2.

McAfee Phishing Quiz. Partner Enablement Guide

Cisco & Big Data Security

Software that provides secure access to technology, everywhere.

Symantec's Secret Sauce for Mobile Threat Protection. Jon Dreyfus, Ellen Linardi, Matthew Yeo

Security Awareness Program Learning Objectives. By Aron Warren Last Update 6/29/2012

Defend Your Network with DNS Defeat Malware and Botnet Infections with a DNS Firewall

Microsoft Security Intelligence Report volume 7 (January through June 2009)

The Latest Internet Threats to Affect Your Organisation. Tom Gillis SVP Worldwide Marketing IronPort Systems, Inc.

HackAlert Malware Monitoring

5 Steps to Advanced Threat Protection

Modular Network Security. Tyler Carter, McAfee Network Security

PROTECTION SERVICE FOR BUSINESS WELCOME TO THE BUSINESS OF FREEDOM

Transcription:

NTT R&D s anti-malware technologies Jan. 21, 2015 NTT Secure Platform Laboratories Takeo HARIU

Threats causes most of cyber attacks Major infection routes are web browsing, URL links in email messages, attachment files, etc. URL link http://... Users constant emergence of new malware Infection by web browsing Email http://... McAfee Labs Threats Report Nov. 2014 Infection by clicking web link Web browsing Exploiting / infection others http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q3-2014.pdf?cid=bhp032 2

NTT R&D s Anti-malware Technologies Detect/gather the latest attacks using sensors Analyze gathered data such as malware samples Construct an intelligence database of threat information Implement countermeasures such as access filtering Web client type Web server type Android crawler Reputation / Profiling NTT R&D attack sensors Collected data files result dynamic Intelligence Database RELIEF 悪 性 サイトURL 攻 撃 元 Time series data of 攻 撃 コード Malicious マルウェア web sites 検 体 Sources 悪 of 性 attacks アプリ Exploiting 等 の codes 時 系 列 データ files communications 3

NTT R&D s Anti-malware Technologies Detect/gather the latest attacks using sensors Analyze gathered data such as malware samples Construct an intelligence database of threat information Implement countermeasures such as access filtering Web client type Web server type Android crawler Reputation / Profiling NTT R&D attack sensors Collected data files result dynamic Intelligence Database RELIEF 悪 性 サイトURL 攻 撃 元 Time series data of 攻 撃 コード Malicious マルウェア web sites 検 体 Sources 悪 of 性 attacks アプリ Exploiting 等 の codes 時 系 列 データ files communications 4

Web Client Type Honeypot A decoy web crawler which detects attacks to web browser vulnerabilities Crawls web sites, finds malicious web sites with exploiting codes or malware files, specifies attacks, and collects malware files Highly parallelized OSes and browsers make it possible to crawl many web sites Malicious site Crawling Web client type s Exploiting code downloading Web space in the OS (virtual machine) Web browser (process) 5

NTT R&D s Anti-malware Technologies Detect/gather the latest attacks using sensors Analyze gathered data such as malware samples Construct an intelligence database of threat information Implement countermeasures such as access filtering Web client type Web server type Android crawler Reputation / Profiling NTT R&D attack sensors Collected data files result dynamic Intelligence Database RELIEF 悪 性 サイトURL 攻 撃 元 Time series data of 攻 撃 コード Malicious マルウェア web sites 検 体 Sources 悪 of 性 attacks アプリ Exploiting 等 の codes 時 系 列 データ files communications 6

Dynamic Analysis Some malware acts communicating with attacker s C&C servers, so malware dynamic in environment is important Analyze malware behavior safely by using Fake Extract malware-related hosts information such as attacker s C&C servers, malware distribution sites Analysis environment malware Controls communications with benign users Benign sites Malicious sites Fake Fake generates fake responses 7

NTT R&D s Anti-malware Technologies Detect/gather the latest attacks using sensors Analyze gathered data such as malware samples Construct an intelligence database of threat information Implement countermeasures such as access filtering Web client type Web server type Android crawler Reputation / Profiling NTT R&D attack sensors Collected data files result dynamic Intelligence Database RELIEF 悪 性 サイトURL 攻 撃 元 Time series data of 攻 撃 コード Malicious マルウェア web sites 検 体 Sources 悪 of 性 attacks アプリ Exploiting 等 の codes 時 系 列 データ files communications 8

Security Intelligence DB RELIEF Analyze collected time-series data taking with various viewpoint such as nations, vulnerabilities Apply to countermeasures such as blocking malicious communications by using blacklists, alerting infected users or falsified web administrators Honeypots Network monitoring Operator Usage scenes Analysis Administrator Falsified site Security intelligence DB RELIEF Blocking malicious communications Cooperation with SIEM 9

Thank you! 10

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information