Malware traffic detection using tamper resistant features

Z. Berkay Celik, Robert J. Walls, Patrick McDaniel, Ananthram Swami
2015 MILCOM 2015 - 2015 IEEE Military Communications Conference  
This paper presents a framework for evaluating the transport-layer feature space of malware heartbeat traffic. We utilize these features in a prototype detection system to distinguish malware traffic from traffic generated by legitimate applications. In contrast to previous work, we eliminate features at risk of producing overly optimistic detection results, detect previously unobserved anomalous behavior, and rely only on tamper-resistant features, making it difficult for sophisticated malware to avoid detection. Further, we characterize the evolution of malware evasion techniques over time by examining the behavior of 16 malware families. In particular, we highlight the difficulty of detecting malware that uses traffic-shaping techniques to mimic legitimate traffic.
doi:10.1109/milcom.2015.7357464 dblp:conf/milcom/CelikWMS15 fatcat:ebj3zvxz6rbrfe6svdkhsxin5i
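The abstract above describes heartbeat detection from transport-layer features that malware cannot cheaply alter (timing and sizes rather than ports or payload strings) and notes that traffic shaping defeats it. The following is an added illustration, not code from the paper or its authors: the feature set (inter-arrival and payload-size regularity), the thresholds, and the three sample flows are all assumptions chosen to show why a regularly spaced beacon stands out while a jittered one falls back into the range of ordinary traffic.

```python
"""Added example (not from Celik et al.): transport-layer flow features and a
naive heartbeat check, plus a traffic-shaped beacon that slips past it.
All features, thresholds and sample flows are assumptions for illustration."""
import random
import statistics
from dataclasses import dataclass


@dataclass
class FlowFeatures:
    pkt_count: int
    mean_iat: float   # mean inter-arrival time in seconds
    iat_cv: float     # coefficient of variation of IATs; 0 means a fixed beacon interval
    size_cv: float    # coefficient of variation of payload sizes


def _cv(xs):
    """Coefficient of variation (population stdev / mean); 0 for a constant series."""
    m = statistics.fmean(xs)
    return statistics.pstdev(xs) / m if m > 0 else 0.0


def extract_features(pkts):
    """pkts: list of (timestamp_seconds, payload_bytes) for one flow, in time order.
    Only timing and size are used; nothing the sender can trivially relabel."""
    if len(pkts) < 3:
        raise ValueError("need at least three packets to measure inter-arrival times")
    times = [t for t, _ in pkts]
    if any(b < a for a, b in zip(times, times[1:])):
        raise ValueError("packets must be time-ordered")
    sizes = [s for _, s in pkts]
    iats = [b - a for a, b in zip(times, times[1:])]
    return FlowFeatures(len(pkts), statistics.fmean(iats), _cv(iats), _cv(sizes))


def is_heartbeat(f, iat_cv_max=0.05, size_cv_max=0.05, min_pkts=10):
    """Assumed rule: enough packets, near-constant spacing, near-constant size."""
    return f.pkt_count >= min_pkts and f.iat_cv <= iat_cv_max and f.size_cv <= size_cv_max


def make_beacon(n=20, period=60.0, size=312, jitter=0.0, size_jitter=0, seed=1):
    """Constructed beacon flow. jitter/size_jitter model traffic shaping by the malware."""
    rng = random.Random(seed)
    t, pkts = 0.0, []
    for _ in range(n):
        pkts.append((t, size + rng.randint(-size_jitter, size_jitter)))
        t += period + rng.uniform(-jitter, jitter)
    return pkts


# Constructed sample flows (not captures from any real malware family).
UNSHAPED_BEACON = make_beacon()                                     # every 60 s, 312 bytes
SHAPED_BEACON = make_beacon(jitter=30.0, size_jitter=200, seed=2)  # 30-90 s, 112-512 bytes
BROWSING = [(0.0, 517), (0.4, 1460), (0.45, 1460), (0.9, 88), (3.2, 1460),
            (3.25, 912), (9.8, 66), (10.1, 1460), (10.15, 1460), (25.0, 220)]

if __name__ == "__main__":
    for name, flow in [("unshaped", UNSHAPED_BEACON), ("shaped", SHAPED_BEACON), ("browsing", BROWSING)]:
        f = extract_features(flow)
        print(f"{name:9s} iat_cv={f.iat_cv:.3f} size_cv={f.size_cv:.3f} heartbeat={is_heartbeat(f)}")
```

The unshaped beacon has zero variation in both spacing and size and is flagged; the shaped beacon, whose interval and payload are randomized, produces coefficients of variation comparable to the browsing flow and is not. That gap is the evasion the abstract warns about: tamper-resistant features resist cheap relabeling of ports or strings, but a detector keyed on regularity still needs features that survive deliberate jitter.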