Eiger

Kurogome, Yuma; Otsuki, Yuto; Kawakoya, Yuhei; Hayashi, Syogo; Mori, Tatsuya; Sen, Koushik

doi:10.1145/3359789.3359808

Cited by 19 publications

(3 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…-More than ten anti-virus engines detected as malicious (to extract samples with high certainty as malware; established with reference to [11])…”

Section: Datasetmentioning

confidence: 99%

“…as an allow list. A method called EIGER [11] creates signatures based on dynamic analysis of logs of malware and is configured to have no effect on the behavior logs of public Windows applications. Although these methods consider the influence of normal communication, the same as SIGMA, normal communication is limited to general applications.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Automatic URL Signature Construction and Impact Assessment

Fujii,

Kawaguchi,

Suzuki

et al. 2024

Information Engineering Express

View full text Add to dashboard Cite

In the more recent cyberattacks and malware, the servers of the attacker (e.g., C2 servers) play an important role. It is important to use network-based signatures to block malicious communications to reduce the impact. However, the signatures must not block harmless communications during normal business operations. Therefore, signature generation requires a high level of understanding of the business, and highly depends on individual skills. It is necessary to test and ensure that the generated signatures do not interfere with benign communications, which results in high operational costs. We propose SIGMA, a system that automatically generates signatures to block malicious communication without interfering with benign communication and then automatically evaluates the impact of the signatures. SIGMA automatically extracts the common parts of malware communication destinations by clustering them and generating multiple candidate signatures. Thereafter, it automatically calculates the impact on normal communication based on business logs, etc., and presents the final signature that has the highest blockability of malicious communication and non-blockability of normal communication to the analyst. We aim to reduce the human factor in generating the signatures, reduce the cost of the impact evaluation, and support the decision of whether to apply the signatures. In our evaluation, we showed that SIGMA can automatically generate a set of signatures that detect 100% of suspicious URLs with an over-detection rate of just 0.87%, based on the results of 14,238 malware analyses and actual business logs. This result suggests that the cost of generating signatures and evaluating their impact on business operations can be reduced; these are time-consuming and human-intensive processes.

show abstract

“…-More than ten anti-virus engines detected as malicious (to extract samples with high certainty as malware; established with reference to [11])…”

Section: Datasetmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Automatic URL Signature Construction and Impact Assessment

Fujii,

Kawaguchi,

Suzuki

et al. 2024

Information Engineering Express

View full text Add to dashboard Cite

show abstract

“…NTT Secure Platform Laboratories is researching and developing malware-analysis technology that comprehensively identifies the behavior of malware that has various anti-analysis functions. The automatic IOC generation technology [1] introduced here generates an IOC with high detection accuracy, coverage, and interpretability by using the behavior logs extracted with that malware-analysis technology as input. Specifically, an IOC is generated by the following procedure (Fig.…”

Section: Automatic Generation Of Iocmentioning

confidence: 99%

The Forefront of Cyberattack Countermeasures Focusing on Traces of Attacks

Kanemoto

Kurogome

Aoki

et al. 2020

NTT Technical Review

Self Cite

View full text Add to dashboard Cite

Cyberattacks have become more capable of infiltrating corporate networks with malware by skillfully deceiving the target, and it is becoming increasingly difficult to prevent infections before they occur. Regarding web servers that are open to the public, the frequency of attacks increases and alerts occur more frequently as attack techniques become well known. It is thus becoming difficult to determine which attack to respond to. In this article, the forefront of cyberattack countermeasures focusing on traces left by attacks is discussed to address this issue.

show abstract

About the Robustness and Looseness of Yara Rules

Carapella

Vecchio

Nardi

et al. 2020

Testing Software and Systems

View full text Add to dashboard Cite

HAL is a multi-disciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers. L'archive ouverte pluridisciplinaire HAL, est destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d'enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.

show abstract

Eiger

Cited by 19 publications

References 39 publications

Automatic URL Signature Construction and Impact Assessment

Automatic URL Signature Construction and Impact Assessment

The Forefront of Cyberattack Countermeasures Focusing on Traces of Attacks

About the Robustness and Looseness of Yara Rules

Contact Info

Product

Resources

About