60 Seconds on the Wire: A Look at Malicious Traffic
نویسنده
چکیده
Despite advances in detection, malware remains an active and high-risk threat to organizations. Understanding the characteristics of malware traffic can be vital in detecting, as well as responding to an incident inside an organization. In this paper, over 20,000 PCAPS generated by known malware are explored to find these characteristics. The focus of the research is on HTTP traffic since this was the predominate communication protocol seen. Based on the findings, suggestions are offered towards effective detection of malware traffic. As it will be shown, despite attempts to hide or obfuscate itself, malicious traffic was detected with a high level of success. 60 Seconds on the Wire: A Look at Malicious Traffic Kiel Wadner, [email protected] 2
منابع مشابه
Detecting Bot Networks Based On HTTP And TLS Traffic Analysis
Abstract— Bot networks are a serious threat to cyber security, whose destructive behavior affects network performance directly. Detecting of infected HTTP communications is a big challenge because infected HTTP connections are clearly merged with other types of HTTP traffic. Cybercriminals prefer to use the web as a communication environment to launch application layer attacks and secretly enga...
متن کاملDetecting Active Bot Networks Based on DNS Traffic Analysis
Abstract—One of the serious threats to cyberspace is the Bot networks or Botnets. Bots are malicious software that acts as a network and allows hackers to remotely manage and control infected computer victims. Given the fact that DNS is one of the most common protocols in the network and is essential for the proper functioning of the network, it is very useful for monitoring, detecting and redu...
متن کاملSecurity-aware register placement to hinder malicious hardware updating and improve Trojan detectability
Nowadays, bulk of the designers prefer to outsource some parts of their design and fabrication process to the third-part companies due to the reliability problems, manufacturing cost and time-to-market limitations. In this situation, there are a lot of opportunities for malicious alterations by the off-shore companies. In this paper, we proposed a new placement algorithm that hinders the hardwa...
متن کاملAODV-UI with Malicious Node Detection and Removal for Public MANET
A node in Mobile Ad-hoc Network (MANET) solely depends on neighbor nodes for its connectivity to the outer networks. It is completely different with fixed network connection where a central infrastructure is providing connectivity to the outside network for all mobile nodes there. This kind of situation makes MANET easier to build rather than fixed network with certain infrastructure. However, ...
متن کاملDistributed Instrusion Prevention in Active and Extensible Networks
The proliferation of computer viruses and Internet worms has had a major impact on the Internet Community. Cleanup and control of malicious software (malware) has become a key problem for network administrators. Effective techniques are now needed to protect networks against outbreaks of malware. Wire-speed firewalls have been widely deployed to limit the flow of traffic from untrusted domains....
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2013