BotProfiler: Profiling variability of substrings in HTTP requests to detect malware-infected hosts

Daiki Chiba, Takeshi Yagi, Mitsuaki Akiyama, Kazufumi Aoki, Takeo Hariu, Shigeki Goto

    Research output: Conference contribution

    10 Citations (Scopus)

    Abstract

    Malware is constantly evolving, which makes it difficult to prevent it from infecting hosts. Many countermeasures against malware infection, such as generating network-based signatures or templates, have been investigated. Such templates are designed to introduce regular expressions to detect polymorphic attacks conducted by attackers. A potential problem with such templates, however, is that they sometimes falsely regard benign communications as malicious, resulting in false positives, due to an inherent aspect of regular expressions. Since the cost of responding to malware infection is quite high, the number of false positives should be kept to a minimum. Therefore, we propose a system to generate templates that cause fewer false positives than a conventional system. We focused on the key idea that malicious infrastructures, such as command and control, tend to be reused instead of created from scratch. The results of implementing our system and validating it using real traffic data indicate that it reduced false positives by up to two-thirds compared to the conventional system and even increased the detection rate of infected hosts.

    Original language: English
    Title of host publication: Proceedings - 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2015
    Publisher: Institute of Electrical and Electronics Engineers Inc.
    Pages: 758-765
    Number of pages: 8
    ISBN (Print): 9781467379519
    DOI
    Publication status: Published - 2015 12 2
    Event: 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2015 - Helsinki, Finland
    Duration: 2015 8 20 → 2015 8 22

    Other

    Other: 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2015
    Country/Territory: Finland
    City: Helsinki
    Period: 15/8/20 → 15/8/22

    ASJC Scopus subject areas

    • Computer Networks and Communications
