HTTP header heuristics for malware detection

ثبت نشده
چکیده

Sophisticated!malware,!such!as!those!used!by!Advanced!Persistent!Threat!(APT)! groups,!will!attempt!to!avoid!detection!wherever!and!whenever!it!can.!However,! even!the!stealthiest!malware!will!have!to!communicate!at!some!point,!and!when!it! does!so,!it!provides!an!opportunity!for!detection.!This!paper!looks!at!a!number!of! techniques!to!identify!the!presence!of!malware!which!attempts!to!masquerade!as! legitimate!web!browsing!activity,!exploiting!some!of!the!occasionally!inaccurate! attempts!to!mimic!the!HTTP!protocol.!This!should!provide!network!defenders!with! greater!opportunity!to!detect!malicious!activity,!without!the!need!for!maintaining!a! corpus!of!virus!specific!signatures!that!are!vulnerable!to!change.! ! ! HTTP header heuristics for malware detection! 2 ! Author!Name,!email@address! ! !

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

A Heuristics-based Static Analysis Approach for Detecting Packed PE Binaries

Malware authors evade the signature based detection by packing the original malware using custom packers. In this paper, we present a static heuristics based approach for the detection of packed executables. We present 1) the PE heuristics considered for analysis and taxonomy of heuristics; 2) a method for computing the score using power distance based on weights and risks assigned to the defin...

متن کامل

DroidClassifier: Efficient Adaptive Mining of Application-Layer Header for Classifying Android Malware

A recent report has shown that there are more than 5,000 malicious applications created for Android devices each day. This creates a need for researchers to develop effective and efficient malware classification and detection approaches. To address this need, we introduce DroidClassifier: a systematic framework for classifying network traffic generated by mobile malware. Our approach utilizes n...

متن کامل

PE-Header-Based Malware Study and Detection

In this paper, I present a simple and faster apporach to distinguish between malware and legitimate .exe files by simply looking at properties of the MS Windows Portable Executable (PE) headers. We extract distinguishing features from the PEheaders using the structural information standardized by the Miscrosoft Windows operating system for executables. I use the following three methodology: (1)...

متن کامل

Encoded Executable File Detection Technique via Executable File Header Analysis*

Recently, the attack trends have been changed from fast and widespread malware propagation attacks to more sophisticated “targeted” attacks such as spy/adware, password stealers, ransom-ware, and botenets etc. and the attacks are tried via the automated malwares. In this situation, the malware is the most powerful weapon for the attackers. So, the attackers do not want their malwares to be revi...

متن کامل

Engineering Task Force ( IETF ) A . Barth

This document defines the concept of an "origin", which is often used as the scope of authority or privilege by user agents. Typically, user agents isolate content retrieved from different origins to prevent malicious web site operators from interfering with the operation of benign web sites. In addition to outlining the principles that underlie the concept of origin, this document details how ...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2015