Systems and methods for detecting domain generation algorithm (DGA) malware

Authors: Cristina Vatamanu, Mihai-Razvan Benchea, Dragos-Teodor Gavrilut, Octavian Mihai Minea

Abstract: Domain generation algorithm (DGA) malware is detected by intercepting an external time request sent by a potential DGA host and replacing the real time received with an accelerated (future) time designed to trigger time-dependent activity. The interception and replacement are performed outside the physical or virtual machine being monitored, on a different system such as a distinct server, a router, a hypervisor, or another virtual machine running on the same physical system, in order to reduce the risk that the malware identifies the substitution. Failed access requests that are triggered only at future times are then used to identify the domain names generated by the malware, allowing proactive countermeasures.
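The detection step the abstract describes, as an added example that is not the patent's own code: a constructed DNS log for one monitored host that has been fed an accelerated clock, from which only lookups that failed and that were issued solely under future time are kept as DGA candidates. The log format, the `REAL_CLOCK` value, the one-hour slack and the `accelerated_reply` helper modelling the time-reply substitution are assumptions.

```python
from datetime import datetime, timedelta

# Constructed resolver log for one monitored host (not real traffic).
# Fields: host-visible timestamp (after time substitution), domain, rcode.
SAMPLE_LOG = """\
2024-03-01T10:00:05 update.example-vendor.test NOERROR
2024-03-01T10:00:09 cdn.example-vendor.test NOERROR
2024-03-01T10:00:20 old-typo.example NXDOMAIN
2024-03-04T08:12:00 qzkfd1xv.example NXDOMAIN
2024-03-04T08:12:01 p0lmw3ra.example NXDOMAIN
2024-03-04T08:12:05 resolvable-future.example NOERROR
2024-03-05T08:12:00 x7nbq2hd.example NXDOMAIN
2024-03-05T08:12:03 update.example-vendor.test NXDOMAIN
"""

REAL_CLOCK = datetime(2024, 3, 1, 10, 0, 0)   # assumed true wall clock
ACCEL_OFFSET = timedelta(days=3)              # assumed acceleration step
SLACK = timedelta(hours=1)                    # tolerance before "future"


def accelerated_reply(real_now: datetime, offset: timedelta) -> datetime:
    """Time substituted into the intercepted reply: real clock plus offset."""
    return real_now + offset


def parse_log(text: str):
    """Yield (timestamp, domain, rcode) tuples from the constructed log."""
    for line in text.splitlines():
        ts, domain, rcode = line.split()
        yield datetime.fromisoformat(ts), domain.lower(), rcode


def candidate_dga_domains(log_text: str, real_clock: datetime) -> list:
    """Domains that only ever failed (NXDOMAIN) and were only queried under
    future time. A domain queried at real time, or one that resolved at any
    point, is disqualified: legitimate names and transient failures drop out."""
    future_failures, disqualified = set(), set()
    for ts, domain, rcode in parse_log(log_text):
        if ts - real_clock <= SLACK or rcode != "NXDOMAIN":
            disqualified.add(domain)
        else:
            future_failures.add(domain)
    return sorted(future_failures - disqualified)


def demo() -> list:
    """Run the detection over the constructed log with the assumed real clock."""
    return candidate_dga_domains(SAMPLE_LOG, REAL_CLOCK)
```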
