Bibliographic Information

Other Title
  • TCP フィンガープリント ニ ヨル アクイ ノ アル ツウシン ノ ブンセキ (katakana reading of the Japanese title; in English: Analysis of Malicious Communication by TCP Fingerprint)
  • Analysis of Malicious Traffic Based on TCP Fingerprinting




Modern kernel-mode malware carries its own network driver and uses it directly from kernel mode to hide its activity from anti-malware tools. Because such drivers have distinctive characteristics, traffic flows that originate from them can be identified by analyzing parameters recorded in TCP headers. On the basis of these characteristics, we apply a fingerprinting technique to collect the IP addresses of hosts that are likely infected with kernel malware. Using this method, we also aim to understand the characteristics of hosts infected with kernel malware and of their communications, using network measurement data collected in several production networks.
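As an added illustration of the passive fingerprinting approach the abstract describes (this is example code written for this page, not code from the paper), the script below extracts the parameters commonly used for TCP SYN fingerprinting (initial-TTL class, DF bit, window size, MSS, window scale and TCP option layout) from raw IPv4/TCP segments and flags source IPs whose fingerprint matches no known OS stack. A kernel driver that ships its own TCP/IP implementation tends to emit SYNs whose option layout and window parameters differ from the host's native stack, which is what the lookup surfaces. The reference signatures, the parameter set and the three sample SYNs are constructed for the demo; the paper's actual parameters and signatures are not given on this page.

```python
"""Passive TCP SYN fingerprinting demo (added example, not the paper's code)."""
import struct
from collections import defaultdict

# Constructed reference table, keyed by
# (initial-TTL class, DF, window, MSS, window scale, option layout).
# The values are illustrative assumptions, not measured OS signatures.
KNOWN_STACKS = {
    ("64", 1, 64240, 1460, 7, "mss,sackOK,ts,nop,wscale"): "linux-like (assumed)",
    ("128", 1, 64240, 1460, 8, "mss,nop,wscale,nop,nop,sackOK"): "windows-like (assumed)",
}


def initial_ttl_class(ttl):
    """Round an observed TTL up to the nearest common initial TTL."""
    for base in (32, 64, 128, 255):
        if ttl <= base:
            return str(base)
    return str(ttl)


def parse_tcp_options(raw):
    """Return (option layout string, MSS, window scale) from TCP option bytes."""
    names, mss, wscale, i = [], None, None, 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # EOL
            break
        if kind == 1:                      # NOP is a single byte
            names.append("nop")
            i += 1
            continue
        if i + 1 >= len(raw):              # truncated option header
            break
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            break                          # malformed; stop instead of looping
        body = raw[i + 2:i + length]
        if kind == 2 and len(body) == 2:
            mss = struct.unpack("!H", body)[0]
            names.append("mss")
        elif kind == 3 and len(body) == 1:
            wscale = body[0]
            names.append("wscale")
        elif kind == 4:
            names.append("sackOK")
        elif kind == 8:
            names.append("ts")
        else:
            names.append(f"opt{kind}")
        i += length
    return ",".join(names), mss, wscale


def syn_fingerprint(packet):
    """Return (src_ip, fingerprint tuple) for a raw IPv4+TCP pure SYN, else None."""
    ihl = (packet[0] & 0x0F) * 4
    ttl = packet[8]
    df = (struct.unpack("!H", packet[6:8])[0] >> 14) & 1
    src_ip = ".".join(str(b) for b in packet[12:16])
    tcp = packet[ihl:]
    doff = (tcp[12] >> 4) * 4
    flags = tcp[13]
    if not (flags & 0x02) or (flags & 0x10):   # SYN set, ACK clear
        return None
    window = struct.unpack("!H", tcp[14:16])[0]
    layout, mss, wscale = parse_tcp_options(tcp[20:doff])
    return src_ip, (initial_ttl_class(ttl), df, window, mss, wscale, layout)


def classify(packets):
    """Map each source IP to the sorted set of stack labels seen in its SYNs."""
    seen = defaultdict(set)
    for pkt in packets:
        parsed = syn_fingerprint(pkt)
        if parsed is None:
            continue
        ip, fp = parsed
        seen[ip].add(KNOWN_STACKS.get(fp, "unknown-stack"))
    return {ip: sorted(labels) for ip, labels in seen.items()}


def build_syn(src, ttl, df, window, options):
    """Construct a minimal IPv4+TCP SYN for the demo (checksums left zero)."""
    opts = options + b"\x00" * (-len(options) % 4)
    doff = 20 + len(opts)
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, (doff // 4) << 4, 0x02, window, 0, 0) + opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000 if df else 0,
                     ttl, 6, 0, bytes(int(x) for x in src.split(".")), bytes([10, 0, 0, 1]))
    return ip + tcp


# Constructed sample capture: two ordinary stacks and one bare-bones driver.
LINUX_OPTS = b"\x02\x04\x05\xb4\x04\x02\x08\x0a" + b"\x00" * 8 + b"\x01\x03\x03\x07"
WINDOWS_OPTS = b"\x02\x04\x05\xb4\x01\x03\x03\x08\x01\x01\x04\x02"
ODD_OPTS = b"\x02\x04\x05\xb4"      # MSS only: no SACK, timestamps or window scale
SAMPLE_PACKETS = [
    build_syn("192.0.2.10", 61, 1, 64240, LINUX_OPTS),
    build_syn("192.0.2.20", 125, 1, 64240, WINDOWS_OPTS),
    build_syn("192.0.2.30", 128, 0, 16384, ODD_OPTS),
]

if __name__ == "__main__":
    for ip, labels in classify(SAMPLE_PACKETS).items():
        print(ip, labels)
```

In a real deployment the table would be a proper signature database (p0f-style) rather than two hand-written rows, and NAT, load balancers and scrubbing middleboxes can rewrite TTL, MSS and window fields, so an "unknown-stack" hit is a lead for the host list the abstract describes, not proof of infection on its own.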


Citations (1)

