A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
Using Failure Information Analysis to Detect Enterprise Zombies
[chapter]
2009
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
We propose failure information analysis as a novel strategy for uncovering malware activity and other anomalies in enterprise network traffic. A focus of our study is detecting self-propagating malware such as worms and botnets. We begin by conducting an empirical study of transport- and application-layer failure activity using a collection of long-lived malware traces. We dissect the failure activity observed in this traffic in several dimensions, finding that their failure patterns differ
doi:10.1007/978-3-642-05284-2_11
fatcat:2klhpaekdbftvgjrqrl4rwnmte