查看文章

Malware, such as computer viruses, worms, and bots, has been recognized as one of the major security threats in the Internet environment, and a large amount of research and development is taking place to find effective countermeasures. These countermeasures are mainly based on either macroscopic or microscopic analysis. Macroscopic analysis is based on monitoring the network in order to grasp the global trends of malware propagations while microscopic analysis investigates malware executables to identify the details of how they behave. We have been developing the network incident analysis center for tactical emergency response (NICTER), where both kinds of analysis are highly integrated. By integrating and correlating the results from the both two approaches, the nicter binds phenomena, i.e., scans observed by network monitoring with their root causes, i.e., malwares. Previous analysis of malware …