User-Assisted Host-Based Detection of Outbound Malware Traffic

Xiong, Huijun; Malhotra, Prateek; Stefan, Deian; Wu, Chehai; Yao, Danfeng

doi:10.1007/978-3-642-11145-7_23

Cited by 17 publications

(8 citation statements)

References 19 publications

(15 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This increases the time required to classify domains and may not be viable in larger networks. Attempts at outbound malware traffic detection have primarily relied on host-based detection [10]. Zang, Perdisci, Gu and Lee did however implement a system for botnet detection at the network edge [11], [12].…”

Section: Related Workmentioning

confidence: 99%

A framework for DNS based detection and mitigation of malware infections on a network

Stalmans

Irwin

2011

2011 Information Security for South Africa

View full text Add to dashboard Cite

Abstract-Modern botnet trends have lead to the use of IP and domain fast-fluxing to avoid detection and increase resilience. These techniques bypass traditional detection systems such as blacklists and intrusion detection systems. The Domain Name Service (DNS) is one of the most prevalent protocols on modern networks and is essential for the correct operation of many network activities, including botnet activity. For this reason DNS forms the ideal candidate for monitoring, detecting and mitigating botnet activity. In this paper a system placed at the network edge is developed with the capability to detect fast-flux domains using DNS queries. Multiple domain features were examined to determine which would be most effective in the classification of domains. This is achieved using a C5.0 decision tree classifier and Bayesian statistics, with positive samples being labeled as potentially malicious and negative samples as legitimate domains. The system detects malicious domain names with a high degree of accuracy, minimising the need for blacklists. Statistical methods, namely Naive Bayesian, Bayesian, Total Variation distance and Probability distribution are applied to detect malicious domain names. The detection techniques are tested against sample traffic and it is shown that malicious traffic can be detected with low false positive rates.

show abstract

Section: Related Workmentioning

confidence: 99%

A framework for DNS based detection and mitigation of malware infections on a network

Stalmans

Irwin

2011

2011 Information Security for South Africa

View full text Add to dashboard Cite

show abstract

“…The work in [54], proposed by H Xiong et al, is a hostbased bot detection system for HTTP traffic. The detection system is based on the assumption that users have low diversity in the web sites.…”

Section: ) Host-based Detectionmentioning

confidence: 99%

A Survey on Botnet Command and Control Traffic Detection

Ghafir¹,

Svoboda²,

Přenosil³

2015

Third International Conference on Advances in Computing, Communication and Information Technology- CCIT 2015

View full text Add to dashboard Cite

Internet users have been attacked by widespread email viruses earlier, but now scenario has been changed. Now attackers are no more interested to just attract media attention by infecting a large number of computers on the network; in fact, their interest has been shifted to compromising and controlling the infected computers for their personal profits. This new attack trend brings the concept of botnets over the global network of computers. With the high reported infection rates, the vast range of illegal activities and powerful comebacks, botnets are one of the main threats against the cyber security. This paper provides the readers with a background on botnet life-cycle, architecture and malicious activities. It also classifies botnet detection techniques, reviews the recent research works on botnet traffic detection and finally indicates some challenges posed to future work on botnet detection.

show abstract

“…In sight of the above intuition and reasoning, we first conduct a study on online user social behaviors by collecting and analyzing user clickstreams [6], [15], [23], [26] of a well known OSN website. Based on our observation of user interaction with different OSN services, we propose several new behavioral features that can effectively quantify user differences in online social activities.…”

Section: Introductionmentioning

confidence: 99%

Profiling Online Social Behaviors for Compromised Account Detection

Ruan

Wu²,

Wang

et al. 2016

IEEE Trans.Inform.Forensic Secur.

100

View full text Add to dashboard Cite

Account compromisation is a serious threat to users of Online Social Networks (OSNs). While relentless spammers exploit the established trust relationships between account owners and their friends to efficiently spread malicious spam, timely detection of compromised accounts are quite challenging due to the well established trust relationship between the service providers, account owners, and their friends. In this paper, we study the social behaviors of OSN users, i.e. their usage of OSN services, and the application of which in detecting compromised accounts. In particular, we propose a set of social behavioral features that can effectively characterize the user social activities on OSNs. We validate the efficacy of these behavioral features by collecting and analyzing real user clickstreams to an OSN website. Based on our measurement study, we devise individual user's social behavioral profile by combining its respective behavioral feature metrics. A social behavioral profile accurately reflects a user's OSN activity patterns. While an authentic owner conforms to its account's social behavioral profile involuntarily, it is hard and costly for impostors to feign. We evaluate the capability of the social behavioral profiles in distinguishing different OSN users, and our experimental results show the social behavioral profiles can accurately differentiate individual OSN users and detect compromised accounts.1556-6013 (c)

show abstract

User-Assisted Host-Based Detection of Outbound Malware Traffic

Cited by 17 publications

References 19 publications

A framework for DNS based detection and mitigation of malware infections on a network

A framework for DNS based detection and mitigation of malware infections on a network

A Survey on Botnet Command and Control Traffic Detection

Profiling Online Social Behaviors for Compromised Account Detection

Contact Info

Product

Resources

About