Automated Classification of C&C Connections Through Malware URL Clustering

Authors: Nizar Kheir, Gregory Blanc, Hervé Debar, Joaquin Garcia-Alfaro, Dingqi Yang

DOI: 10.1007/978-3-319-18467-8_17

Keywords:

Abstract: We present WebVisor, an automated tool to derive patterns from malware Command and Control (C&C) server connections. From collective network communications stored in a large-scale dataset, WebVisor establishes the underlying links among samples of the same families (e.g., in terms of development tools). It focuses on C&C channels based on the Hypertext Transfer Protocol (HTTP). First, it builds clusters based on statistical features of the HTTP-based Uniform Resource Locators (URLs) in the dataset. Then, it conducts a fine-grained, noise-agnostic clustering process based on the structure and semantics of the URLs. We report experimental results obtained with a software prototype on real-world datasets.
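The abstract describes a two-stage pipeline: a coarse clustering on statistical URL features, followed by a fine-grained clustering on URL structure and semantics that tolerates noise (a density-based method such as DBSCAN labels isolated points as noise rather than forcing them into a cluster). The following Python sketch is an added illustration of that shape of pipeline; it is not WebVisor's own implementation, and the feature set, scaling constants, token scheme, distance thresholds (eps) and the sample URLs are all assumptions made here, since the abstract does not specify them. The sample URLs are constructed for the example and do not come from the paper's dataset.

```python
import math
import string
from urllib.parse import urlsplit, parse_qsl

# Constructed sample URLs (hypothetical; not from the paper's dataset).
SAMPLE_URLS = [
    "http://a.example/gate.php?id=1234&cmd=ping",
    "http://b.example/gate.php?id=9981&cmd=update",
    "http://c.example/panel/gate.php?id=77&cmd=ping",
    "http://d.example/img/logo.png",
    "http://e.example/img/bg.png",
    "http://f.example/img/icon.png",
    "http://g.example/x/aa12ff.bin",
]


def stat_features(url):
    """Stage 1: coarse statistical features of one URL (assumed feature set).
    Each feature is scaled into roughly [0, 1] so Euclidean distance is meaningful."""
    p = urlsplit(url)
    params = parse_qsl(p.query, keep_blank_values=True)
    text = p.path + p.query
    digits = sum(ch.isdigit() for ch in text)
    return (
        len(p.path) / 64.0,          # path length
        p.path.count("/") / 8.0,     # path depth
        len(params) / 8.0,           # number of query parameters
        digits / max(1, len(text)),  # digit ratio
        len(p.query) / 64.0,         # query length
    )


def euclid(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def shape(tok):
    """Abstract a path segment or query value: numbers, hex blobs and words
    collapse into classes, the file extension is kept literally (assumption)."""
    name, dot, ext = tok.rpartition(".")
    if not dot:
        name, ext = tok, ""
    if name.isdigit():
        cls = "<num>"
    elif len(name) >= 6 and all(c in string.hexdigits for c in name):
        cls = "<hex>"
    elif name.isalpha():
        cls = "<word>"
    else:
        cls = "<alnum>"
    return cls + dot + ext


def structure_tokens(url):
    """Stage 2: structural/semantic tokens of one URL (assumed token scheme):
    directory names, the final segment literally and as a shape, query keys and
    key=value-shape pairs."""
    p = urlsplit(url)
    segs = [s for s in p.path.split("/") if s]
    toks = {"dir:" + d for d in segs[:-1]}
    if segs:
        toks.add("file:" + segs[-1])
        toks.add("fshape:" + shape(segs[-1]))
    for k, v in parse_qsl(p.query, keep_blank_values=True):
        toks.add("key:" + k)
        toks.add("val:" + k + "=" + shape(v))
    return frozenset(toks)


def jaccard(a, b):
    union = a | b
    return 0.0 if not union else 1.0 - len(a & b) / len(union)


def dbscan(items, dist, eps, min_pts):
    """Minimal DBSCAN with a pluggable distance; returns one label per item,
    -1 meaning noise. min_pts counts the point itself."""
    n = len(items)
    labels = [None] * n
    cluster = 0
    for i in range(n):
        if labels[i] is not None:
            continue
        neigh = [j for j in range(n) if dist(items[i], items[j]) <= eps]
        if len(neigh) < min_pts:
            labels[i] = -1          # provisional noise; may become a border point
            continue
        labels[i] = cluster
        queue = [j for j in neigh if j != i]
        while queue:
            j = queue.pop()
            if labels[j] == -1:
                labels[j] = cluster  # border point of this cluster
            if labels[j] is not None:
                continue
            labels[j] = cluster
            nj = [k for k in range(n) if dist(items[j], items[k]) <= eps]
            if len(nj) >= min_pts:   # j is a core point: expand through it
                queue.extend(k for k in nj if labels[k] is None or labels[k] == -1)
        cluster += 1
    return labels


def cluster_urls(urls, eps_stat=0.25, eps_struct=0.6, min_pts=2):
    """Two-stage clustering: coarse statistical clusters, then structural
    sub-clusters inside each. Returns {url: (coarse_label, fine_label)};
    -1 in either position means the URL was left as noise at that stage."""
    coarse = dbscan([stat_features(u) for u in urls], euclid, eps_stat, min_pts)
    result = {}
    for c in sorted(set(coarse)):
        idx = [i for i, lab in enumerate(coarse) if lab == c]
        if c == -1:
            result.update({urls[i]: (-1, -1) for i in idx})
            continue
        fine = dbscan([structure_tokens(urls[i]) for i in idx], jaccard, eps_struct, min_pts)
        result.update({urls[i]: (c, f) for i, f in zip(idx, fine)})
    return result


if __name__ == "__main__":
    for url, labels in cluster_urls(SAMPLE_URLS).items():
        print(labels, url)
```

On the constructed sample, the three `gate.php?id=...&cmd=...` URLs fall into one coarse cluster and one structural sub-cluster despite different hosts, numeric ids and an extra directory; the `/img/*.png` assets form a second coarse cluster; and `/x/aa12ff.bin` lands in that second coarse cluster on statistics alone (similar length and depth) but is labelled noise by the structural stage, which is the kind of separation the fine-grained, noise-agnostic step is meant to provide. Thresholds tuned on a seven-URL toy set will not transfer to real traffic; they are placeholders for the parameters one would fit on a large dataset.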
