Abstract
Detecting malware operating on a user's system has always been a difficult task. With modern trends in stealth malware design (metamorphic and polymorphic code, multiple short release series), monitoring network traffic has become one of the surest ways of detecting malware activity. The paper presents the concept of analysing outbound net flows to expose malware traffic and thereby facilitate the detection of its operation. It describes system network activity monitoring, an algorithm for detecting the user's own flows in recorded net flow traffic, and some results of its operation on clean and malware-infected test systems.
© 2011 Springer-Verlag Berlin Heidelberg
Cite this paper
Skrzewski, M. (2011). Flow Based Algorithm for Malware Traffic Detection. In: Kwiecień, A., Gaj, P., Stera, P. (eds) Computer Networks. CN 2011. Communications in Computer and Information Science, vol 160. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21771-5_29
DOI: https://doi.org/10.1007/978-3-642-21771-5_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21770-8
Online ISBN: 978-3-642-21771-5
eBook Packages: Computer Science (R0)