MalAlert

Piskozub, Michal; Spolaor, Riccardo; Martinovic, Ivan

doi:10.1145/3308897.3308961

Cited by 25 publications

(4 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Combined flow-and packetbased approaches were introduced for malware family classification [48,49]. Pure flow-based systems have been successful in detecting malware-related activities [50,51,52] like botnets [53,54,55], DoS attacks [56,57,58], scans [59,60,61] and worms [62,63]. Similarly, our work is based on NetFlow, but we introduce novel features specialized for mining detection.…”

Section: Related Workmentioning

confidence: 99%

Detection of illicit cryptomining using network metadata

Russo

Šrndić

Laskov

2021

Preprint

View full text Add to dashboard Cite

Illicit cryptocurrency mining has become one of the prevalent methods for monetization of computer security incidents. In this attack, victims' computing resources are abused to mine cryptocurrency for the benefit of attackers. The most popular illicitly mined digital coin is Monero as it provides strong anonymity and is efficiently mined on CPUs. Illicit mining crucially relies on communication between compromised systems and remote mining pools using the de facto standard protocol Stratum. While prior research primarily focused on endpoint-based detection of in-browser mining, in this paper we address network-based detection of cryptomining malware in general. We propose XMR-Ray, a machine learning detector using novel features based on reconstructing the Stratum protocol from raw NetFlow records. Our detector is trained offline using only mining traffic and does not require privacy-sensitive normal network traffic, which facilitates its adoption and integration. In our experiments, XMR-Ray attained 98.94% detection rate at 0.05% false alarm rate, outperforming the closest competitor. Our evaluation furthermore demonstrates that it reliably detects previously unseen mining pools, is robust against common obfuscation techniques such as encryption and proxies, and is applicable to mining in the browser or by compiled binaries. Finally, by deploying our detector in a large university network, we show its effectiveness in protecting real-world systems.

show abstract

Section: Related Workmentioning

confidence: 99%

Detection of illicit cryptomining using network metadata

Russo

Šrndić

Laskov

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…This means that given a current flow it is not possible to know in advance where the next one starts. Typically this is not a problem in the context of network security analysis since the way to process flows is to sequentially traverse each one to get to the ones of interest [29], or to build more complex network behavior profiles [27]. However, if CompactFlow is used in a network administration context, the types of workflows could require running the same queries to extract flows with a fixed set of parameters (e.g.…”

Section: Compactflow File Headermentioning

confidence: 99%

CompactFlow: A Hybrid Binary Format for Network Flow Data

Piskozub¹,

Spolaor²,

Martinovic³

2020

Information Security Theory and Practice

Self Cite

View full text Add to dashboard Cite

Network traffic monitoring has become fundamental to obtaining insights about a network and its activities. This knowledge allows network administrators to detect anomalies, identify faulty hardware, and make informed decisions. The increase of the number of connected devices and the consequent volume of traffic poses a serious challenge to carrying out the task of network monitoring. Such a task requires techniques that process traffic in an efficient and timely manner. Moreover, it is crucial to be able to store network traffic for forensic purposes for as long a period of time as possible. In this paper, we propose CompactFlow, a hybrid binary format for efficient storage and processing of network flow data. Our solution offers a trade-off between the space required and query performance via an optimized binary representation of flow records and optional indexing. We experimentally assess the efficiency of CompactFlow by comparing it to a wide range of binary flow storage formats. We show that Compact-Flow format improves the state of the art by reducing the size required to store network flows by more than 24%.

show abstract

“…Though most of the malwares have network activity while performing attacks, the malwares that corrupt the network systems and exploit network protocols are termed as network malwares. The damage caused by these malwares to the network system, resources, and node systems point out the need for early detection, which includes identification, analysis and mitigation mechanisms [2][3].…”

Section: Introductionmentioning

confidence: 99%

A New Combined Model with Reduced Label Dependency for Malware Classification

Ray¹,

Nandan²,

Anne³

et al. 2021

Atlantis Highlights in Computer Sciences

View full text Add to dashboard Cite

With the technological advancements in recent times, security threats caused by malware are increasing with no bounds. The first step performed by security analysts for the detection and mitigation of malware is its classification. This paper aims to classify network intrusion malware using new-age machine learning techniques with reduced label dependency and identifies the most effective combination of feature selection and classification technique for this purpose. The proposed model, L2 Regularized Autoencoder Enabled Ladder Networks Classifier (RAELN-Classifier), is developed based on a combinatory analysis of various feature selection techniques like FSFC, variants of autoencoders and semisupervised classification techniques such as ladder networks. The model is trained and tested over UNSW-NB15 and benchmark NSL-KDD datasets for accurate real time model performance evaluation using overall accuracy as well as per-class accuracy and was found to result in higher accuracy compared to similar baseline and state-of-the-art models.

show abstract

MalAlert

Cited by 25 publications

References 5 publications

Detection of illicit cryptomining using network metadata

Detection of illicit cryptomining using network metadata

CompactFlow: A Hybrid Binary Format for Network Flow Data

A New Combined Model with Reduced Label Dependency for Malware Classification

Contact Info

Product

Resources

About