ID | 65536 |
フルテキストURL | |
著者 |
Fujii, Shota
Graduate School of Natural Science and Technology, Okayama University
Sato, Takayuki
Research and Development Group, Hitachi Ltd.
Aoki, Sho
Research and Development Group, Hitachi Ltd.
Tsuda, Yu
National Institute of Information and Communications Technology
Kawaguchi, Nobutaka
Research and Development Group, Hitachi Ltd.
Shigemoto, Tomohiro
Research and Development Group, Hitachi Ltd.
Terada, Masato
Research and Development Group, Hitachi Ltd.
|
抄録 | Malicious hosts have come to play a significant and varied role in today's cyber attacks. Some of these hosts are equipped with a technique called cloaking, which discriminates between access from potential victims and others and then returns malicious content only to potential victims. This is a serious threat because it can evade detection by security vendors and researchers and cause serious damage. As such, cloaking is being extensively investigated, especially for phishing sites. We are currently engaged in a long-term cloaking study of a broader range of threats. In the present study, we implemented Stargazer, which actively monitors malicious hosts and detects geographic and temporal cloaking, and collected 30,359,410 observations between November 2019 and February 2022 for 18,397 targets from 13 sites where our sensors are installed. Our analysis confirmed that cloaking techniques are widely abused, i.e., not only in the context of specific threats such as phishing. This includes geographic and time-based cloaking, which is difficult to detect with single-site or one-shot observations. Furthermore, we found that malicious hosts that perform cloaking include those that survive for relatively long periods of time, and those whose contents are not present in VirusTotal. This suggests that it is not easy to observe and analyze the cloaking malicious hosts with existing technologies. The results of this study have deepened our understanding of various types of cloaking, including geographic and temporal ones, and will help in the development of future cloaking detection methods.
|
キーワード | Cloaking
cyber security
geofencing
malcious host
time-series
|
発行日 | 2023-05-29
|
出版物タイトル |
IEEE Access
|
巻 | 11巻
|
出版者 | Institute of Electrical and Electronics Engineers
|
開始ページ | 52750
|
終了ページ | 52762
|
ISSN | 2169-3536
|
資料タイプ |
学術雑誌論文
|
言語 |
英語
|
OAI-PMH Set |
岡山大学
|
論文のバージョン | publisher
|
DOI | |
Web of Science KeyUT | |
関連URL | isVersionOf https://doi.org/10.1109/ACCESS.2023.3280815
|
ライセンス | https://creativecommons.org/licenses/by-nc-nd/4.0/
|
Citation | S. Fujii et al., "Stargazer: Long-Term and Multiregional Measurement of Timing/ Geolocation-Based Cloaking," in IEEE Access, vol. 11, pp. 52750-52762, 2023, doi: 10.1109/ACCESS.2023.3280815.
|