Real-Time Detection of Malware Downloads via Large-Scale URL->File->Machine Graph Mining

Authors: Babak Rahbarinia, Marco Balduzzi, Roberto Perdisci

DOI: 10.1145/2897845.2897918

Keywords:

Abstract: In this paper we propose Mastino, a novel defense system to detect malware download events. A download event is a 3-tuple that identifies the action of downloading a file from a URL that was triggered by a client (machine). Mastino utilizes global situation awareness and continuously monitors various network- and system-level events on clients' machines across the Internet, and provides real-time classification of both files and URLs to clients upon submission of a new, unknown file or URL to the system. To enable detection of download events, Mastino builds a large graph that captures the subtle relationships among the entities involved, i.e. files, URLs, and machines. We implemented a prototype version of Mastino and evaluated it in a large-scale real-world deployment. Our experimental evaluation shows that Mastino can accurately classify malware download events with an average 95.5% true positive (TP) rate, while incurring less than 0.5% false positives (FP). In addition, we show that Mastino can classify a new download event as either benign or malicious in just a fraction of a second, and is therefore suitable
