论文信息 - THE NETWORK BEHAVIOUR OF MALWARE TO BLOCK MALICIOUS PATTERNS . THE STRATOSPHERE PROJECT : A BEHAVIOURAL IPS

THE NETWORK BEHAVIOUR OF MALWARE TO BLOCK MALICIOUS PATTERNS . THE STRATOSPHERE PROJECT : A BEHAVIOURAL IPS

Current malware traffi c detection solutions work mostly by using static fi ngerprints, white and black lists and crowd-sourced threat intelligence analytics. These methods are useful for detecting known malware in real time, but are insuffi cient for detecting unknown malicious trends and attacks. Our proposed complementary solution is to analyse the inherent patterns of malware actions in the network by means of machine learning algorithms. In particular, we use Markov chains-based algorithms to fi nd network patterns that are independent of static features, such as IP addresses or payloads. These patterns are used to build behavioural models of malware actions that are later used to detect similar traffi c in the network. All these models and detection algorithms have been used to create a free software intrusion prevention system called Stratosphere IPS, which has been thoroughly tested with normal and malware traffi c. The IPS is able to detect new network patterns that are similar to known malicious behaviours. The Stratosphere IPS tool will be used to show how behavioural models can detect real malware traffi c.

Sebastian Garcia | S. García

[1] Wilfried N. Gansterer,et al. On the detection and identification of botnets , 2010, Comput. Secur..

[2] Martin Rehak,et al. Identifying and modeling botnet C&C behaviors , 2014, ACySE '14.

[3] Sureswaran Ramadass,et al. Detecting Botnet Activities Based on Abnormal DNS traffic , 2009, ArXiv.

[4] Herbert Bos,et al. Prudent Practices for Designing Malware Experiments: Status Quo and Outlook , 2012, 2012 IEEE Symposium on Security and Privacy.

[5] Leyla Bilge,et al. Automatically Generating Models for Botnet Detection , 2009, ESORICS.

[6] Carsten Willems,et al. Automatic analysis of malware behavior using machine learning , 2011, J. Comput. Secur..

[7] Su Chang,et al. P2P botnet detection using behavior clustering & statistical tests , 2009, AISec '09.

[8] W. Timothy Strayer,et al. Detecting Botnets with Tight Command and Control , 2006, Proceedings. 2006 31st IEEE Conference on Local Computer Networks.

[9] Alejandro Zunino,et al. An empirical comparison of botnet detection methods , 2014, Comput. Secur..