A Study on the Clustering method for Analysis of Zeus Botnet Attack Types in the Cloud Environment

  • Received : 2016.10.27
  • Accepted : 2016.11.22
  • Published : 2017.02.28

Abstract

Cloud computing technology has matured rapidly and is now used across many fields. As demand for cloud services grows, security threats in cloud environments grow with it. In particular, when hosts interconnected within a cloud environment are infected by malware and the infection propagates, the resources of other hosts are affected and further threats, such as leakage of personal information and deletion of data, can spread across the environment. Research on malware analysis as a means of countering these threats is therefore active. This paper proposes a method for clustering Zeus botnet attacks by type, using the k-means clustering algorithm, for the analysis of malware occurring in cloud environments. By clustering the malicious activity of the Zeus botnet observed in a cloud environment according to its type, it becomes possible to determine whether a given activity is malicious; the longer-term goal is to respond to new types of Zeus botnet attack that may arise in cloud environments.
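The clustering step that the abstract describes, as an added worked example written for this page rather than code from the paper: constructed per-host behaviour vectors are grouped with k-means (k-means++ seeding, Lloyd iterations, several restarts keeping the lowest within-cluster sum of squares), the least-active cluster is taken as the benign baseline, and an unseen host is flagged as malicious when its nearest centroid belongs to any other cluster. The five feature dimensions, the sample hosts and the baseline rule are assumptions made for the illustration; the page does not give the paper's actual feature set or data.

```python
"""Added illustration: k-means clustering of per-host behaviour profiles.

Example code for this page, not code from the paper. Feature dimensions,
sample hosts and the "least-active cluster is benign" rule are assumptions.
"""
import math
import random
from typing import Dict, List, Sequence, Tuple

Vector = Tuple[float, ...]

# Assumed feature vector per monitored host, each value scaled to [0, 1]:
#   0: share of outbound HTTP POSTs to previously unseen destinations
#   1: rate of code-injection events into other processes
#   2: number of hooked browser / network API calls
#   3: outbound connection attempts per minute
#   4: persistence-related registry / autostart modifications
# The observations below are constructed for this example.
SAMPLES: List[Tuple[str, Vector]] = [
    # quiet hosts
    ("web-01", (0.05, 0.00, 0.02, 0.10, 0.01)),
    ("web-02", (0.08, 0.00, 0.03, 0.12, 0.02)),
    ("db-01",  (0.02, 0.01, 0.01, 0.05, 0.03)),
    ("app-03", (0.06, 0.00, 0.02, 0.15, 0.01)),
    # constructed profile: API hooking plus POST exfiltration
    ("vm-17", (0.80, 0.70, 0.90, 0.30, 0.40)),
    ("vm-18", (0.75, 0.65, 0.85, 0.25, 0.45)),
    ("vm-19", (0.85, 0.72, 0.95, 0.35, 0.38)),
    # constructed profile: heavy outbound connections plus persistence
    ("vm-22", (0.30, 0.20, 0.20, 0.95, 0.60)),
    ("vm-23", (0.25, 0.25, 0.15, 0.90, 0.65)),
    ("vm-24", (0.35, 0.18, 0.22, 0.98, 0.55)),
]


def euclidean(a: Vector, b: Vector) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def _seed_centroids(points: Sequence[Vector], k: int, rng: random.Random) -> List[Vector]:
    """k-means++ seeding: each further centroid is drawn with probability
    proportional to its squared distance from the nearest existing centroid."""
    centroids = [rng.choice(points)]
    while len(centroids) < k:
        d2 = [min(euclidean(p, c) ** 2 for c in centroids) for p in points]
        r, acc = rng.random() * sum(d2), 0.0
        for p, w in zip(points, d2):
            acc += w
            if acc >= r:
                centroids.append(p)
                break
        else:  # rounding guard: fall back to the last point
            centroids.append(points[-1])
    return centroids


def _lloyd(points: Sequence[Vector], centroids: List[Vector], max_iter: int):
    """Lloyd iterations: assign to nearest centroid, recompute means, repeat
    until assignments stop changing. Returns (centroids, assignment, inertia)."""
    k = len(centroids)
    assignment = [-1] * len(points)
    for _ in range(max_iter):
        new = [min(range(k), key=lambda j: euclidean(p, centroids[j])) for p in points]
        if new == assignment:
            break
        assignment = new
        for j in range(k):
            members = [p for p, a in zip(points, assignment) if a == j]
            if members:  # an emptied cluster keeps its previous centroid
                dim = len(members[0])
                centroids[j] = tuple(sum(m[i] for m in members) / len(members) for i in range(dim))
    inertia = sum(euclidean(p, centroids[a]) ** 2 for p, a in zip(points, assignment))
    return centroids, assignment, inertia


def kmeans(points: Sequence[Vector], k: int, seed: int = 0, n_init: int = 5, max_iter: int = 100):
    """Restart n_init times from fresh seeds; keep the lowest-inertia run,
    which avoids the poor local optimum a single unlucky seeding can give."""
    rng = random.Random(seed)
    best = None
    for _ in range(n_init):
        run = _lloyd(points, _seed_centroids(points, k, rng), max_iter)
        if best is None or run[2] < best[2]:
            best = run
    return best[0], best[1]


def cluster_hosts(samples: Sequence[Tuple[str, Vector]], k: int = 3, seed: int = 0):
    """Cluster host profiles; returns (centroids, {host_id: cluster_index})."""
    ids = [h for h, _ in samples]
    centroids, assignment = kmeans([v for _, v in samples], k, seed)
    return centroids, dict(zip(ids, assignment))


def baseline_cluster(centroids: Sequence[Vector]) -> int:
    """Assumption for the example: the centroid closest to the origin (least
    activity on every feature) marks the benign baseline cluster."""
    origin = tuple(0.0 for _ in centroids[0])
    return min(range(len(centroids)), key=lambda j: euclidean(centroids[j], origin))


def classify(vec: Vector, centroids: Sequence[Vector]) -> Tuple[int, bool]:
    """Nearest-centroid assignment for an unseen host; malicious unless the
    nearest cluster is the baseline."""
    j = min(range(len(centroids)), key=lambda i: euclidean(vec, centroids[i]))
    return j, j != baseline_cluster(centroids)


if __name__ == "__main__":
    cents, labels = cluster_hosts(SAMPLES, k=3)
    base = baseline_cluster(cents)
    for j in range(len(cents)):
        tag = "baseline" if j == base else "attack-type cluster"
        print(f"cluster {j} ({tag}): {sorted(h for h, a in labels.items() if a == j)}")
    print("new host vm-31:", classify((0.78, 0.68, 0.88, 0.28, 0.42), cents))
```

Two practical points the abstract leaves open: k must be chosen up front (here one benign group plus two attack types), and cluster indices are not stable across runs, so downstream logic should key off the partition (which hosts share a cluster, which cluster is the baseline) rather than the raw index. In a real deployment the baseline rule would be replaced by known-benign reference hosts included in the sample set.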
