PeerPress

Authors: Zhaoyan Xu, Lingfeng Chen, Guofei Gu, Christopher Kruegel

DOI: 10.1145/2382196.2382257

Keywords:

Abstract: We propose a new, active scheme for fast and reliable detection of P2P malware by exploiting the enemies' strength against them. Our new scheme works in two phases: host-level dynamic binary analysis to automatically extract built-in remotely-accessible/controllable mechanisms (referred to as Malware Control Birthmarks, or MCB) in malware, followed by network-level informed probing detection. Our design demonstrates a novel combination of strengths from both host-based and network-based approaches. Compared with existing solutions, it is fast, reliable, and scalable in its detection scope. Furthermore, it can be applicable to more than just P2P malware, but broadly to any malware that opens a service port for network communications (e.g., many Trojans/backdoors). We develop a prototype system, PeerPress, and evaluate it on representative real-world P2P malware (including Storm, Conficker, and the more recent Sality). The results show that it can effectively detect the existence of malware when MCBs are extracted, and the detection occurs at an early stage during which other tools (e.g., BotHunter) typically do not have sufficient information to detect. We further discuss its limitations and implications, and we believe it is a great complement to existing passive detection solutions.
