NetGator: malware detection using program interactive challenges

Authors: Brian Schulte, Haris Andrianakis, Kun Sun, Angelos Stavrou

DOI: 10.1007/978-3-642-37300-8_10

Keywords:

Abstract: Internet-borne threats have evolved from easy-to-detect denial of service attacks to zero-day exploits used for the targeted exfiltration of data. Current intrusion detection systems cannot always keep up, and it is often the case that valuable data has already been communicated to an external party over an encrypted or plain-text connection before the intrusion is detected. In this paper, we present a scalable approach called Network Interrogator (NetGator) to detect network-based malware that attempts to exfiltrate data over open ports and protocols. NetGator operates as a transparent proxy, using protocol analysis to first identify the declared client application from known network flow signatures. It then crafts packets that "challenge" the client by exercising functionality that is present in legitimate applications but too complex or intricate to be implemented by malware. When the client is unable to correctly solve and respond to the challenge, NetGator flags the flow as potential malware. Our approach is seamless: it requires no interaction from the user and no changes to commodity software. NetGator introduces minimal traffic latency (0.35 seconds on average) to normal communication while it can expose a wide range of existing threats.

References (20)
Xuxian Jiang, Dongyan Xu, Zhiqiang Lin, Xiangyu Zhang. Automatic Protocol Format Reverse Engineering through Context-Aware Monitored Execution. Network and Distributed System Security Symposium (2008).
Vinod Yegneswaran, Guofei Gu, Wenke Lee, Martin Fong, Phillip Porras. BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation. USENIX Security Symposium, pp. 12- (2007).
Peter Eckersley. How Unique Is Your Web Browser? Privacy Enhancing Technologies, pp. 1-18 (2010). DOI 10.1007/978-3-642-14527-8_1
Ting-Fang Yen, Xin Huang, Fabian Monrose, Michael K. Reiter. Browser Fingerprinting from Coarse Traffic Summaries: Techniques and Implications. Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 157-175 (2009). DOI 10.1007/978-3-642-02918-9_10
Brian Rexroad, Anestis Karasaridis, David Hoeflin. Wide-Scale Botnet Detection and Characterization. Workshop on Hot Topics in Understanding Botnets, pp. 7-7 (2007).
Guofei Gu, Wenke Lee, Junjie Zhang. BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic. Network and Distributed System Security Symposium (2008).
Roberto Perdisci, Guofei Gu, Wenke Lee, Junjie Zhang. BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection. USENIX Security Symposium, pp. 139-154 (2008).
Roberto Perdisci, Nick Feamster, Wenke Lee. Behavioral Clustering of HTTP-Based Malware and Signature Generation Using Malicious Network Traces. Networked Systems Design and Implementation, pp. 26-26 (2010). DOI 10.5555/1855711.1855737
Taeshik Shon, Jongsub Moon. A Hybrid Machine Learning Approach to Network Anomaly Detection. Information Sciences, vol. 177, pp. 3799-3821 (2007). DOI 10.1016/j.ins.2007.03.025
Michalis Polychronakis, Kostas G. Anagnostakis, Evangelos P. Markatos. Network-Level Polymorphic Shellcode Detection Using Emulation. Journal in Computer Virology, vol. 2, pp. 257-274 (2007). DOI 10.1007/s11416-006-0031-z