Identifying Malware Using Cross-Evidence Correlation

Authors

  • Anders Flaglien
  • Katrin Franke
  • André Årnes
Abstract

This paper proposes a new correlation method for the automatic identification of malware traces across multiple computers. The method supports forensic investigations by efficiently identifying patterns in large, complex datasets using link mining techniques. Digital forensic processes are followed to ensure evidence integrity and chain of custody.


Similar sources

BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation

We present a new kind of network perimeter monitoring strategy, which focuses on recognizing the infection and coordination dialog that occurs during a successful malware infection. BotHunter is an application designed to track the two-way communication flows between internal assets and external entities, developing an evidence trail of data exchanges that match a state-based infection sequence...


Malware Characterization through Alert Pattern Discovery

We present a novel alert correlation approach based on the factor analysis statistical technique for malware characterization. Our approach involves mechanically computing a set of abstract quantities, called factors, for expressing the intrusion detection system (IDS) alerts pertaining to malware instances. These factors correspond to patterns of alerts, and can be used to succinctly character...


Rebuilding the Tower of Babel

Anti-virus systems developed by different vendors often demonstrate strong discrepancies in how they name malware, which significantly hinders malware information sharing. While existing work has proposed a plethora of malware naming standards, most antivirus vendors were reluctant to change their own naming conventions. In this paper we explore a new, more pragmatic alternative. We propose to e...


Detection of APT Malware through External and Internal Network Traffic Correlation

This master thesis presents an overview and explanation of the advanced persistent threat (APT) definition. One of the most dangerous APTs, named "Snake", will be presented along with other similar APTs. Various virtual environments, e.g. VirtualBox, will be investigated in order to understand how APT malware behaves in these environments. The central focus of this master thesis lies on detect...


Detecting bots using multi-level traffic analysis

Botnets, as networks of compromised "zombie" computers, represent one of the most serious security threats on the Internet today. This paper explores how machines compromised with bot malware can be identified at local and enterprise networks in an accurate and time-efficient manner. The paper introduces a novel multi-level botnet detection approach that performs network traffic analysis of three ...



Journal title:

Volume   Issue 

Pages  -

Publication date: 2011