nicter: An incident analysis system toward binding network monitoring with malware analysis
2008 WOMBAT Workshop on Information Security Threats Data …, 2008•ieeexplore.ieee.org
We have been developing the Network Incident analysis Center for Tactical Emergency Response (nicter), whose present focus is on detecting and identifying propagating malware such as worms, viruses, and bots. The nicter presently monitors a darknet, a set of unused IP addresses, to observe macroscopic trends of network threats. Meanwhile, it keeps capturing and analyzing malware executables in the wild for their microscopic analysis. Finally, these macroscopic and microscopic analysis results are correlated in order to identify the root cause of the detected network threats. This paper gives a brief overview of the nicter and its possible contributions to the Worldwide Observatory of Malicious Behavior and Attack Tools (WOMBAT).