
Mining Unknown Network Protocol’s Stealth Attack Behavior

  • Conference paper
Advances in Intelligent Networking and Collaborative Systems (INCoS 2017)

Part of the book series: Lecture Notes on Data Engineering and Communications Technologies ((LNDECT,volume 8))

Abstract

Unknown network protocols' stealth attack behavior is becoming a new vehicle for conducting invisible cyber attacks. This kind of attack stays latent for a long time, and its execution is triggered only under special conditions. As application layer protocols flourish, the number and diversity of protocol stealth attack behaviors are growing exponentially. Even though numerous efforts have been directed towards protocol reverse analysis, mining the stealth attack behavior of unknown protocols has rarely been studied. This paper proposes a method for mining stealth attack behavior by instruction clustering. First, all protocol samples are divided into functional instruction sequences. Then all the functional instruction sequences are clustered using the instruction clustering algorithm. The stealth attack behavior instruction sequences can be mined quickly and accurately by calculating the behavior distance. Experimental results show that our solution is well suited to mining protocols' stealth attack behavior in terms of both efficiency and accuracy.


Acknowledgments

This work was supported by the National Natural Science Foundation of China under Grant no. 61103178, 61373170, 61402530, 61309022 and 61309008.

Corresponding author: Yan-Jing Hu.

Copyright information

© 2018 Springer International Publishing AG

About this paper

Cite this paper

Hu, YJ. (2018). Mining Unknown Network Protocol’s Stealth Attack Behavior. In: Barolli, L., Woungang, I., Hussain, O. (eds) Advances in Intelligent Networking and Collaborative Systems. INCoS 2017. Lecture Notes on Data Engineering and Communications Technologies, vol 8. Springer, Cham. https://doi.org/10.1007/978-3-319-65636-6_49

  • DOI: https://doi.org/10.1007/978-3-319-65636-6_49

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-65635-9

  • Online ISBN: 978-3-319-65636-6

  • eBook Packages: Engineering (R0)
