Unsupervised detection of malware in persistent web traffic

Authors: Jan Kohout, Tomas Pevny

DOI: 10.1109/ICASSP.2015.7178272

Keywords:

Abstract: Persistent network communication can be found in many instances of malware. In this paper, we analyse the possibility of leveraging the low variability of persistent malware communication for its detection. We propose a new method for capturing statistical fingerprints of persistent connections and employ outlier detection to identify the malicious ones. Emphasis is put on using the minimal information possible, to make our method very lightweight and easy to deploy. Anomaly detection is commonly used in network security, yet to the best of our knowledge, there are no works focusing on persistent communication itself, without making further assumptions about its purpose.

References (16)
Gregory Fedynyshyn, Mooi Choo Chuah, Gang Tan. Detection and classification of different botnet C&C channels. Autonomic and Trusted Computing, pp. 228-242 (2011). 10.1007/978-3-642-23496-5_17
Frederic Giroire, Jaideep Chandrashekar, Nina Taft, Eve Schooler, Dina Papagiannaki. Exploiting Temporal Persistence to Detect Covert Botnet Channels. Recent Advances in Intrusion Detection, pp. 326-345 (2009). 10.1007/978-3-642-04342-0_17
Guofei Gu, Wenke Lee, Junjie Zhang. BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic. Network and Distributed System Security Symposium (2008).
Roberto Perdisci, Guofei Gu, Wenke Lee, Junjie Zhang. BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection. USENIX Security Symposium, pp. 139-154 (2008).
H. Frystyk, L. Masinter, J. Mogul, J. Gettys, R. Fielding, P. Leach, T. Berners-Lee. Hypertext Transfer Protocol -- HTTP/1.1. ACM Conference on Hypertext, vol. 2068, pp. 1-162 (1997).
David Zhao, Issa Traore, Bassam Sayed, Wei Lu, Sherif Saad, Ali Ghorbani, Dan Garant. Botnet detection based on traffic behavior analysis and flow intervals. Computers & Security, vol. 39, pp. 2-16 (2013). 10.1016/J.COSE.2013.04.007
O. Chum, J. Philbin, A. Zisserman. Near Duplicate Image Detection: min-Hash and tf-idf Weighting. British Machine Vision Conference, pp. 1-10 (2008). 10.5244/C.22.50
Jan Jusko, Martin Rehak, Tomas Pevny. A memory efficient privacy preserving representation of connection graphs. Proceedings of the 1st International Workshop on Agents and CyberSecurity, p. 4 (2014). 10.1145/2602945.2602947
H. D. K. Moonesinghe, Pang-Ning Tan. OutRank: A Graph-Based Outlier Detection Framework Using Random Walk. International Journal on Artificial Intelligence Tools, vol. 17, pp. 19-36 (2008). 10.1142/S0218213008003753
Kumar Sricharan, Alfred O. Hero. Efficient anomaly detection using bipartite k-NN graphs. Neural Information Processing Systems, vol. 24, pp. 478-486 (2011).