On the Reliability of Network Measurement Techniques Used for Malware Traffic Analysis

Authors: Joseph Gardiner, Shishir Nagaraja

DOI: 10.1007/978-3-319-12400-1_31

Keywords:

Abstract: Malware attacks are increasingly popular attack vectors in online crime. As trends and anecdotal evidence show, preventing these attacks, regardless of their opportunistic or targeted nature, has proven difficult: intrusions happen and devices get compromised, even at security-conscious organisations. As a consequence, an alternative line of work has focused on detecting and disrupting the individual steps that follow an initial compromise and are essential for the successful progression of an attack. In particular, a number of approaches and techniques have been proposed to identify the Command & Control (C2) channel that a compromised system establishes to communicate with its controller. The success of C2 detection depends on collecting relevant network traffic. As traffic volumes increase, this is proving difficult. In this paper, we analyse current ISP-scale measurement techniques from the perspective of C2 detection. We discuss the weaknesses that affect them and provide suggestions for improvement.
