
Machine learning for network-based malware detection [article]

Matija Stevanovic
2016 Ph.d.-serien for Det Teknisk-Naturvidenskabelige Fakultet, Aalborg Universitet  
Research Question - How can an efficient identification of potentially compromised clients based on DNS traffic be implemented in large-scale ISP networks?  ...  The work presented in this thesis proposes novel methods that aim at providing efficient and accurate malware detection based on network traffic analysis.  ...  This thesis explores how network traffic analysis can be used for accurate and efficient detection of malware network activities.  ... 
doi:10.5278/ fatcat:cd4txihrd5dt3nsjsmwjn53pbi

GMAD: Graph-based Malware Activity Detection by DNS traffic analysis

Jehyun Lee, Heejo Lee
2014 Computer Communications  
Through experiments with four sets of DNS traffic captured in two ISP networks in the U.S. and South Korea, we show that GMAD detected thousands of malicious domain names that had neither been blacklisted  ...  Since blocking domain names for command and control (C&C) of the malwares by analyzing their Domain Name System (DNS) activities has been the most effective and practical countermeasure, attackers attempt  ...  in large and complex network environments.  ... 
doi:10.1016/j.comcom.2014.04.013 fatcat:rqw475qczfgzthb6bmfreajr7q

Dark Matter: Uncovering the DarkComet RAT Ecosystem

Brown Farinholt, Mohammad Rezaeirad, Damon McCoy, Kirill Levchenko
2020 Proceedings of The Web Conference 2020  
To date, the users and victims of this pernicious form of malware have been challenging to observe in the wild due to the unobtrusive nature of infections.  ...  Using a known method for collecting victim log databases from DarkComet controllers, we present novel techniques for tracking RAT controllers across hostname changes and improve on established techniques  ...  Further, 19% of controllers actively switched domain names during observation. In these cases, our methodology for controller tracking is necessary to accurately report on the observed controllers.  ... 
doi:10.1145/3366423.3380277 dblp:conf/www/FarinholtRML20 fatcat:rlkxoiun7ncd5hsp3aygpc2rzu

Using Failure Information Analysis to Detect Enterprise Zombies [chapter]

Zhaosheng Zhu, Vinod Yegneswaran, Yan Chen
2009 Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering  
We propose failure information analysis as a novel strategy for uncovering malware activity and other anomalies in enterprise network traffic.  ...  Based on these observations, we describe the design of a prototype system called Netfuse to automatically detect and isolate malware-like failure patterns.  ...  Our approach: In this paper, we introduce a new behavior-based approach to detect infected hosts within an enterprise network.  ... 
doi:10.1007/978-3-642-05284-2_11 fatcat:2klhpaekdbftvgjrqrl4rwnmte

The MALICIA dataset: identification and analysis of drive-by download operations

Antonio Nappa, M. Zubair Rafique, Juan Caballero
2014 International Journal of Information Security  
We describe the interaction with ISPs and hosting providers and monitor the result of the report. We find that 61 % of the reports are not even acknowledged.  ...  In the drive-by ecosystem, many exploit servers run the same exploit kit and it is a challenge understanding whether the exploit server is part of a larger operation.  ...  In [19] , we identified exploit servers by the domain in their URLs. This was problematic because a large number of domains often resolve to the IP address of an exploit server.  ... 
doi:10.1007/s10207-014-0248-7 fatcat:cng7cx2fized3ie4gw55ko76mi

Malicious Domain Detection Based on Machine Learning

2018 DEStech Transactions on Computer Science and Engineering  
At present, malicious domain detection, especially malicious domain detection based on machine learning, is one of the research hotspots in the network security field.  ...  We then focus on a survey of the detection research on C&C (Command and Control) domains in Fast-flux botnets and Domain-flux botnets, which are the most popular and the most challenging.  ...  Acknowledgements This work was financially supported by National Key R&D Program of China (2016YFB0801304)  ... 
doi:10.12783/dtcse/iceit2017/19866 fatcat:75wt7lq5zbct3elgcs7lbclo4e

The economics of cybersecurity: Principles and policy options

Tyler Moore
2010 International Journal of Critical Infrastructure Protection  
Finally, we make several recommendations for policy changes to improve cybersecurity: mitigating malware infections via ISPs by subsidized cleanup, mandatory disclosure of fraud losses and security incidents  ...  , mandatory disclosure of control system incidents and intrusions, and aggregating reports of cyber espionage and reporting to the World Trade Organization (WTO).  ...  A related type of convergence is that the networks themselves are becoming IP-based.  ... 
doi:10.1016/j.ijcip.2010.10.002 fatcat:qjvbh2vmqzfyxo3irjacirnj7i


Zhaoyan Xu, Antonio Nappa, Robert Baykov, Guangliang Yang, Juan Caballero, Guofei Gu
2014 Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS '14  
In the battle against cybercriminals, accurately identifying the underlying malicious server infrastructure (e.g., C&C servers for botnet command and control) is of vital importance.  ...  AUTOPROBE addresses two fundamental limitations of existing active probing approaches: it supports pull-based C&C protocols, used by the majority of malware, and it generates fingerprints even in the common  ...  We also thank Zakir Durumeric and J. Alex Halderman, as well as VirusTotal, Malware Domain List, and URLQuery.  ... 
doi:10.1145/2660267.2660352 dblp:conf/ccs/XuNBYCG14 fatcat:pi4h5fk6kzb2pnaloosclwvxsu

Survey and Research Challenges of Botnet Forensics

Anchit Bijalwan, Meenakshi Thapaliyal, Emmanuel S Piili, R. C. Joshi
2013 International Journal of Computer Applications  
Attackers have developed the ability to control a vast area of infected hosts, characterized by a complex executable command set, with each involved part taking part in cooperative and coordinated attacks.  ...  These papers propose advanced approaches related to botnet detection and analysis in the near future. It demonstrates a novel approach to botnet investigations and defense mechanisms.  ...  Botnets, networks of malware-infected machines controlled by an adversary, are the root cause of a large number of Internet security problems.  ... 
doi:10.5120/13127-0483 fatcat:kre55acihzd3lb7sumar2mu7pu

Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces

Roberto Perdisci, Igino Corona, David Dagon, Wenke Lee
2009 2009 Annual Computer Security Applications Conference  
In this paper we propose a novel, passive approach for detecting and tracking malicious flux service networks.  ...  Our detection system is based on passive analysis of recursive DNS (RDNS) traffic traces collected from multiple large networks.  ...  This material is based upon work supported in part by the National Science Foundation under grants no. 0716570 and 0831300, the Department of Homeland Security under contract no.  ... 
doi:10.1109/acsac.2009.36 dblp:conf/acsac/PerdisciCDL09 fatcat:23ug5x37obcw7paxpenpd5ct4a

Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages [article]

Ruian Duan, Omar Alrawi, Ranjita Pai Kasturi, Ryan Elder, Brendan Saltaformaggio, Wenke Lee
2020 arXiv   pre-print
We outline the challenges of tailoring program analysis tools to interpreted languages and release our pipeline as a reference point for the community to build on and help in securing the software supply  ...  Based on qualitative assessment, we apply well-known program analysis techniques such as metadata, static, and dynamic analysis to study registry abuse.  ...  Any opinions, findings, and conclusions in this paper are those of the authors and do not necessarily reflect the views of our sponsors or collaborators.  ... 
arXiv:2002.01139v2 fatcat:n3k62ggdorag5ep5isqznct3z4

Detection of Fast-Flux Domains

Chia-Mei Chen, Sheng-Tzong Cheng, Ju-Hsien Chou
2013 Journal of Advances in Computer Networks  
Based on the time-space behaviors of malicious fast-flux domains, the network behaviors of domains are formalized in this study to reduce the time complexity of modeling features.  ...  Index Terms - Botnet, fast-flux domain, malware, command and control server.  ...  As a network generates a large number of network connections each day, an efficient and light-resource detection method is needed to examine all the domains requested.  ... 
doi:10.7763/jacn.2013.v1.30 fatcat:lwaqnqbq7bbqfbvu3mjkmc6ami

A Superficial Analysis Approach for Identifying Malicious Domain Names Generated by DGA Malware

Akihiro Satoh, Yutaka Fukuda, Toyohiro Hayashi, Gen Kitagata
2020 IEEE Open Journal of the Communications Society  
in the strings of dynamically generated and human-generated domain names.  ...  To prevent malware-related damage, administrators must swiftly identify and remove the infected machines that may reside in their networks.  ...  Moreover, in contrast to the DNSMap of Berger et al. [23] and DBod of Wang et al. [24] , our approach does not require observations from large-scale networks, such as ISPs.  ... 
doi:10.1109/ojcoms.2020.3038704 fatcat:xyks3nhkpvaa3boknbx5vut36e

On the Security of Machine Learning in Malware C&C Detection

Joseph Gardiner, Shishir Nagaraja
2016 ACM Computing Surveys  
One of the main challenges in security today is defending against malware attacks.  ...  In particular, several approaches and techniques have been proposed to identify the command and control (C&C) channel that a compromised system establishes to communicate with its controller.  ...  The aggregator could be a network monitor on the edge of a large network or on the ISP.  ... 
doi:10.1145/3003816 fatcat:jmuklpr2bjamfgygu6rpi4ldmm


Maria Konte, Roberto Perdisci, Nick Feamster
2015 Computer communication review  
ASwatch's design is based on the intuition that, in an attempt to evade possible detection and remediation efforts, malicious ASes exhibit "agile" control plane behavior (e.g., short-lived routes, aggressive  ...  We present ASwatch, a system that identifies malicious ASes using exclusively the control-plane (i.e., routing) behavior of ASes.  ...  Acknowledgments We thank our shepherd, Walter Willinger, and the anonymous reviewers for their helpful comments and guidance. This  ... 
doi:10.1145/2829988.2787494 fatcat:3xnotqqqvjdm5csx5lldrkhq7u