The method of detecting malware-infected hosts analyzing firewall and proxy logs

Kazunori Kamiya, Kazufumi Aoki, Kensuke Nakata, Toru Sato, Hiroshi Kurakami, Masaki Tanikawa

2015 10th Asia-Pacific Symposium on Information and Telecommunication Technologies (APSITT) (2015)

Abstract

The number of security incidents is increasing and many of them are derived from malware activities. However, recent malware has become so sophisticated that commercial anti-virus software is not capable of detecting 100% of it. The NTT Global Threat Intelligence Report shows that more than half of malware is not detected by commercial antivirus software [1]. Nowadays, post-infection countermeasures are important to minimize the damage caused by malware.
Keywords

malware-infected host detection, firewall logs, proxy logs, TCP-IP, HTTP, malicious lists, dynamic analysis, network traffic logs