

Title:
IDENTIFICATION DEVICE, IDENTIFICATION METHOD, AND IDENTIFICATION PROGRAM
Document Type and Number:
WIPO Patent Application WO/2016/093182
Kind Code:
A1
Abstract:
In the present invention, when malware (11a) is executed, a command server identification device (10) assigns to data received by the malware (11a) a tag capable of uniquely identifying the identification information of the data's transmission source, and tracks the propagation of the tagged data. In addition, the command server identification device (10) acquires, from among the tracked data, the tag of data referenced by a branch command executed by the malware (11a). Furthermore, the command server identification device (10) analyzes information pertaining to the commands at branch destinations that the malware (11a) did not execute after the branch command. Then, on the basis of the analysis result, the command server identification device (10) identifies, from the identification information of the transmission source corresponding to the acquired tag, the identification information of the command server issuing commands to the malware (11a).

Inventors:
IKUSE TOMONORI (JP)
AOKI KAZUFUMI (JP)
HARIU TAKEO (JP)
Application Number:
PCT/JP2015/084215
Publication Date:
June 16, 2016
Filing Date:
December 04, 2015
Assignee:
NIPPON TELEGRAPH & TELEPHONE (JP)
International Classes:
G06F21/56; G06F21/53
Domestic Patent References:
WO2015137235A1, 2015-09-17
Other References:
TOMONORI IKUSE ET AL.: "Identifying C&C Server by Analyzing Relation between Control Flow and Communications", IEICE TECHNICAL REPORT, vol. 113, no. 502, 20 March 2014 (2014-03-20), pages 137 - 142, XP055250109
See also references of EP 3232359A4
Attorney, Agent or Firm:
SAKAI INTERNATIONAL PATENT OFFICE (JP)
Patent business corporation Sakai international patent firm (JP)