Machine learning for network-based malware detection
[article]
2016
Ph.d.-serien for Det Teknisk-Naturvidenskabelige Fakultet, Aalborg Universitet
Research Question - How can an efficient identification of potentially compromised clients based on DNS traffic be implemented in large-scale ISP networks? ...
The work presented in this thesis proposes novel methods that aim at providing efficient and accurate malware detection based on network traffic analysis. ...
This thesis explores how can network traffic analysis be used for accurate and efficient detection of malware network activities. ...
doi:10.5278/vbn.phd.engsci.00088
fatcat:cd4txihrd5dt3nsjsmwjn53pbi
GMAD: Graph-based Malware Activity Detection by DNS traffic analysis
2014
Computer Communications
Through experiments with four sets of DNS traffic captured in two ISP networks in the U.S. and South Korea, we show that GMAD detected thousands of malicious domain names that had neither been blacklisted ...
Since blocking domain names used for command and control (C&C) of malware by analyzing their Domain Name System (DNS) activities has been the most effective and practical countermeasure, attackers attempt ...
in large and complex network environments. ...
doi:10.1016/j.comcom.2014.04.013
fatcat:rqw475qczfgzthb6bmfreajr7q
Dark Matter: Uncovering the DarkComet RAT Ecosystem
2020
Proceedings of The Web Conference 2020
To date, the users and victims of this pernicious form of malware have been challenging to observe in the wild due to the unobtrusive nature of infections. ...
Using a known method for collecting victim log databases from DarkComet controllers, we present novel techniques for tracking RAT controllers across hostname changes and improve on established techniques ...
Further, 19% of controllers actively switched domain names during observation. In these cases, our methodology for controller tracking is necessary to accurately report on the observed controllers. ...
doi:10.1145/3366423.3380277
dblp:conf/www/FarinholtRML20
fatcat:rlkxoiun7ncd5hsp3aygpc2rzu
Using Failure Information Analysis to Detect Enterprise Zombies
[chapter]
2009
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
We propose failure information analysis as a novel strategy for uncovering malware activity and other anomalies in enterprise network traffic. ...
Based on these observations, we describe the design of a prototype system called Netfuse to automatically detect and isolate malware-like failure patterns. ...
Our approach: In this paper, we introduce a new behavior-based approach to detect infected hosts within an enterprise network. ...
doi:10.1007/978-3-642-05284-2_11
fatcat:2klhpaekdbftvgjrqrl4rwnmte
The MALICIA dataset: identification and analysis of drive-by download operations
2014
International Journal of Information Security
We describe the interaction with ISPs and hosting providers and monitor the result of the report. We find that 61 % of the reports are not even acknowledged. ...
In the drive-by ecosystem, many exploit servers run the same exploit kit and it is a challenge understanding whether the exploit server is part of a larger operation. ...
In [19], we identified exploit servers by the domain in their URLs. This was problematic because a large number of domains often resolve to the IP address of an exploit server. ...
doi:10.1007/s10207-014-0248-7
fatcat:cng7cx2fized3ie4gw55ko76mi
Malicious Domain Detection Based on Machine Learning
2018
DEStech Transactions on Computer Science and Engineering
At present, malicious domain detection, especially malicious domain detection based on machine learning, is one of the research hotspots in the network security field. ...
And then we focus on a survey on the detection research of C&C (Command and Control) domain in Fast-flux botnets and Domain-flux botnets which are the most popular and the most challenging. ...
Acknowledgements This work was financially supported by National Key R&D Program of China (2016YFB0801304) ...
doi:10.12783/dtcse/iceit2017/19866
fatcat:75wt7lq5zbct3elgcs7lbclo4e
The economics of cybersecurity: Principles and policy options
2010
International Journal of Critical Infrastructure Protection
Finally, we make several recommendations for policy changes to improve cybersecurity: mitigating malware infections via ISPs by subsidized cleanup, mandatory disclosure of fraud losses and security incidents, mandatory disclosure of control system incidents and intrusions, and aggregating reports of cyber espionage and reporting to the World Trade Organization (WTO). ...
A related type of convergence is that the networks themselves are becoming IP-based. ...
doi:10.1016/j.ijcip.2010.10.002
fatcat:qjvbh2vmqzfyxo3irjacirnj7i
AUTOPROBE
2014
Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS '14
In the battle against cybercriminals, accurately identifying the underlying malicious server infrastructure (e.g., C&C servers for botnet command and control) is of vital importance. ...
AUTOPROBE addresses two fundamental limitations of existing active probing approaches: it supports pull-based C&C protocols, used by the majority of malware, and it generates fingerprints even in the common ...
We also thank Zakir Durumeric and J. Alex Halderman, as well as VirusTotal, Malware Domain List, and URLQuery. ...
doi:10.1145/2660267.2660352
dblp:conf/ccs/XuNBYCG14
fatcat:pi4h5fk6kzb2pnaloosclwvxsu
Survey and Research Challenges of Botnet Forensics
2013
International Journal of Computer Applications
Attackers have developed the ability to control a vast area of infected hosts, characterized by a complex executable command set, with each involved part taking part in cooperative and coordinated attacks. ...
These papers propose advanced approaches related to botnet detection and analysis in the near future. It demonstrates a novel approach to botnet investigations and defense mechanisms. ...
Botnets, networks of malware infected machines controlled by an adversary, are the root cause of a large number of Internet security problems. ...
doi:10.5120/13127-0483
fatcat:kre55acihzd3lb7sumar2mu7pu
Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces
2009
2009 Annual Computer Security Applications Conference
In this paper we propose a novel, passive approach for detecting and tracking malicious flux service networks. ...
Our detection system is based on passive analysis of recursive DNS (RDNS) traffic traces collected from multiple large networks. ...
This material is based upon work supported in part by the National Science Foundation under grants no. 0716570 and 0831300, the Department of Homeland Security under contract no. ...
doi:10.1109/acsac.2009.36
dblp:conf/acsac/PerdisciCDL09
fatcat:23ug5x37obcw7paxpenpd5ct4a
Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages
[article]
2020
arXiv
pre-print
We outline the challenges of tailoring program analysis tools to interpreted languages and release our pipeline as a reference point for the community to build on and help in securing the software supply ...
Based on qualitative assessment, we apply well-known program analysis techniques such as metadata, static, and dynamic analysis to study registry abuse. ...
Any opinions, findings, and conclusions in this paper are those of the authors and do not necessarily reflect the views of our sponsors or collaborators. ...
arXiv:2002.01139v2
fatcat:n3k62ggdorag5ep5isqznct3z4
Detection of Fast-Flux Domains
2013
Journal of Advances in Computer Networks
Based on the time-space behaviors of malicious fast-flux domains, the network behaviors of domains are formulized in this study to reduce the time complexity of modeling features. ...
Index Terms: Botnet, fast-flux domain, malware, command and control server. ...
As networks generate a large number of connections each day, an efficient and light-resource detection method is needed to examine all the domains requested. ...
doi:10.7763/jacn.2013.v1.30
fatcat:lwaqnqbq7bbqfbvu3mjkmc6ami
A Superficial Analysis Approach for Identifying Malicious Domain Names Generated by DGA Malware
2020
IEEE Open Journal of the Communications Society
in the strings of dynamically generated and human-generated domain names. ...
To prevent malware-related damage, administrators must swiftly identify and remove the infected machines that may reside in their networks. ...
Moreover, in contrast to the DNSMap of Berger et al. [23] and DBod of Wang et al. [24], our approach does not require observations from large-scale networks, such as ISPs. ...
doi:10.1109/ojcoms.2020.3038704
fatcat:xyks3nhkpvaa3boknbx5vut36e
On the Security of Machine Learning in Malware C&C Detection
2016
ACM Computing Surveys
One of the main challenges in security today is defending against malware attacks. ...
In particular, several approaches and techniques have been proposed to identify the command and control (C&C) channel that a compromised system establishes to communicate with its controller. ...
The aggregator could be a network monitor on the edge of a large network or on the ISP. ...
doi:10.1145/3003816
fatcat:jmuklpr2bjamfgygu6rpi4ldmm
ASwatch
2015
Computer communication review
ASwatch's design is based on the intuition that, in an attempt to evade possible detection and remediation efforts, malicious ASes exhibit "agile" control plane behavior (e.g., short-lived routes, aggressive ...
We present ASwatch, a system that identifies malicious ASes using exclusively the control-plane (i.e., routing) behavior of ASes. ...
Acknowledgments We thank our shepherd, Walter Willinger, and the anonymous reviewers for their helpful comments and guidance. This ...
doi:10.1145/2829988.2787494
fatcat:3xnotqqqvjdm5csx5lldrkhq7u