Flow Based Algorithm for Malware Traffic Detection

  • Conference paper
Computer Networks (CN 2011)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 160)

Abstract

Detecting malware operation on a user's system has always been a difficult task. With modern trends in stealth malware design (metamorphic and polymorphic code, multiple short series), monitoring network traffic is becoming one of the surest ways to detect malware operation. The paper presents the concept of analysing outbound net flows to expose malware traffic and so make its operation easier to detect. It describes the monitoring of system network activity, an algorithm for detecting the user's own flows in recorded net flow traffic, and some results of its operation on clean and malware-infected test systems.
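As an added illustration of the outbound-flow idea in the abstract (this is not the paper's code, and the paper's own algorithm is not reproduced here), the Python script below runs over constructed flow records for one monitored host. It keeps only flows that originate from that host, groups them per destination, treats a destination as user-initiated when a DNS answer for it arrived shortly before the first connection, and flags destinations that were never resolved or that are contacted at a fixed interval. The host address, the flow and DNS records, and the thresholds are all assumptions.

```python
"""Outbound net-flow triage on constructed flow records.

Added example, not code from the paper: it separates flows that look
user-initiated (destination resolved by DNS shortly before) from flows
that lack such a precursor or recur at a fixed interval (beaconing).
"""
from collections import defaultdict
from statistics import mean, pstdev

MONITORED_HOST = "10.0.0.5"  # assumed address of the monitored test system

# Constructed flow records in Argus/NetFlow style, one per connection:
# start time (s), protocol, source, source port, destination, dest port, bytes sent.
FLOWS = [
    # a user browsing a site resolved at t=10.0
    {"t": 12.0, "proto": "tcp", "src": "10.0.0.5", "sport": 50122,
     "dst": "93.184.216.34", "dport": 443, "bytes": 1840},
    {"t": 13.5, "proto": "tcp", "src": "10.0.0.5", "sport": 50123,
     "dst": "93.184.216.34", "dport": 443, "bytes": 2210},
    # a single HTTP fetch resolved at t=40.2
    {"t": 41.0, "proto": "tcp", "src": "10.0.0.5", "sport": 50130,
     "dst": "198.51.100.7", "dport": 80, "bytes": 960},
    # short connections to an unresolved address every 60 s (constructed beacon)
    {"t": 5.0, "proto": "tcp", "src": "10.0.0.5", "sport": 49810,
     "dst": "203.0.113.9", "dport": 8080, "bytes": 312},
    {"t": 65.0, "proto": "tcp", "src": "10.0.0.5", "sport": 49811,
     "dst": "203.0.113.9", "dport": 8080, "bytes": 318},
    {"t": 125.0, "proto": "tcp", "src": "10.0.0.5", "sport": 49812,
     "dst": "203.0.113.9", "dport": 8080, "bytes": 312},
    {"t": 185.0, "proto": "tcp", "src": "10.0.0.5", "sport": 49813,
     "dst": "203.0.113.9", "dport": 8080, "bytes": 320},
    {"t": 245.0, "proto": "tcp", "src": "10.0.0.5", "sport": 49814,
     "dst": "203.0.113.9", "dport": 8080, "bytes": 312},
    # an inbound SSH session to the host; not outbound, so ignored
    {"t": 30.0, "proto": "tcp", "src": "10.0.0.77", "sport": 51000,
     "dst": "10.0.0.5", "dport": 22, "bytes": 4000},
]

# Constructed DNS answers received by the host: (time, resolved address).
DNS_ANSWERS = [(10.0, "93.184.216.34"), (40.2, "198.51.100.7")]


def outbound_flows(flows, host):
    """Keep only flows that originate from the monitored host."""
    return [f for f in flows if f["src"] == host]


def resolved_shortly_before(dns_answers, dst, t, window=300.0):
    """True if a DNS answer for dst arrived within `window` seconds before t."""
    return any(ip == dst and t - window <= ta <= t for ta, ip in dns_answers)


def group_by_destination(flows):
    """Group flows by (dst, dport, proto), each group sorted by start time."""
    groups = defaultdict(list)
    for f in flows:
        groups[(f["dst"], f["dport"], f["proto"])].append(f)
    for group in groups.values():
        group.sort(key=lambda f: f["t"])
    return groups


def interval_cv(starts):
    """Coefficient of variation of the gaps between flow starts (None if < 3 flows).
    Values near 0 mean the connections recur at a fixed interval."""
    if len(starts) < 3:
        return None
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    m = mean(gaps)
    return pstdev(gaps) / m if m > 0 else None


def classify_outbound(flows, dns_answers, host, beacon_cv=0.2, min_beacons=3):
    """Label each outbound destination 'user' or 'suspect' (thresholds are assumptions)."""
    report = {}
    for key, group in group_by_destination(outbound_flows(flows, host)).items():
        dst = key[0]
        resolved = resolved_shortly_before(dns_answers, dst, group[0]["t"])
        cv = interval_cv([f["t"] for f in group])
        beaconing = cv is not None and cv < beacon_cv and len(group) >= min_beacons
        verdict = "user" if resolved and not beaconing else "suspect"
        report[key] = {"flows": len(group), "resolved": resolved,
                       "interval_cv": cv, "verdict": verdict}
    return report


if __name__ == "__main__":
    for key, info in classify_outbound(FLOWS, DNS_ANSWERS, MONITORED_HOST).items():
        print(f"{key[0]}:{key[1]}/{key[2]} flows={info['flows']} "
              f"resolved={info['resolved']} cv={info['interval_cv']} -> {info['verdict']}")
```

The DNS-precursor rule is only a coarse proxy for "the user asked for this": malware that resolves its controller by name passes it, and legitimate clients that connect to cached or hard-coded addresses fail it, which is why the script pairs it with the interval regularity check rather than relying on either alone. On a real system the flow records would come from a collector such as Argus or a NetFlow exporter, and the DNS answers from the same capture.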

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Skrzewski, M. (2011). Flow Based Algorithm for Malware Traffic Detection. In: Kwiecień, A., Gaj, P., Stera, P. (eds) Computer Networks. CN 2011. Communications in Computer and Information Science, vol 160. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21771-5_29

  • DOI: https://doi.org/10.1007/978-3-642-21771-5_29

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-21770-8

  • Online ISBN: 978-3-642-21771-5
