Unsupervised detection of malware in persistent web traffic | IEEE Conference Publication | IEEE Xplore

Unsupervised detection of malware in persistent web traffic


Abstract:

Persistent network communication can be found in many instances of malware. In this paper, we analyse the possibility of leveraging the low variability of persistent malware communication for its detection. We propose a new method for capturing statistical fingerprints of connections and employ outlier detection to identify the malicious ones. Emphasis is put on using the minimal information possible, to make our method very lightweight and easy to deploy. Anomaly detection is commonly used in network security, yet to the best of our knowledge there are not many works focusing on the persistent communication itself, without making further assumptions about its purpose.
Date of Conference: 19-24 April 2015
Date Added to IEEE Xplore: 06 August 2015
Electronic ISBN: 978-1-4673-6997-8

Conference Location: South Brisbane, QLD, Australia

1. Introduction

Bots differ from other types of malware by having a command and control (C&C) channel through which the botmaster controls the bot. The C&C channel can be implemented using different network paradigms (p2p networks, central or fluxing servers, etc.) and protocols (custom, HTTP, plain TCP or UDP, etc.), but there has to be a communication path between the C&C server and the bots. The channel is maintained throughout the life of the bot, and once it is lost, control over the bot is lost, too. This definition implies that the channel needs to be persistent in the sense that the bot receives commands repeatedly over time. However, bots are not the only type of malware that produces persistent communication. Malware can repeatedly check its connection to the Internet, perform click fraud, or download advertisements, all of which can manifest as a persistent connection.
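The abstract describes the approach only at a high level: build a statistical fingerprint for each persistent connection and let an outlier detector pick out the ones whose behaviour does not fit the rest. The following is an added illustration of that idea, not the paper's method or code. It assumes a flow log of (timestamp, client, server, bytes) records, defines "persistent" as a client/server pair with at least five flows spread over at least 30 minutes (both thresholds are this example's own assumptions), fingerprints each pair with the count, mean and coefficient of variation (CV) of inter-arrival times and the CV of flow sizes, and flags pairs that are robust (median/MAD) outliers on the CV features. The flow records are constructed for the demo and use RFC 5737 documentation addresses; one client polls a server every ~60 seconds with near-constant size, which is the low-variability pattern the abstract refers to.

```python
# Added illustrative example (not the paper's method): per-connection statistical
# fingerprints for persistent client->server pairs, followed by median/MAD outlier
# detection over those fingerprints. Flow records below are constructed.
from collections import defaultdict
from statistics import mean, median, pstdev

PERSIST_MIN_FLOWS = 5     # assumption: a pair needs at least this many flows ...
PERSIST_MIN_SPAN = 1800   # ... spread over at least 30 minutes to count as persistent
OUTLIER_Z = 3.5           # robust z-score threshold (common MAD rule of thumb)


def constructed_flows():
    """Return constructed (timestamp_s, client, server, bytes_out) records."""
    flows = []
    browsing = {  # irregular, human-like activity towards one web server
        "10.0.0.2": [(5, 1200), (31, 4800), (98, 900), (400, 15000),
                     (640, 2200), (1210, 700), (1800, 9900), (3300, 1300)],
        "10.0.0.3": [(12, 3000), (13, 5200), (14, 800), (900, 60000),
                     (2500, 1100), (2530, 2100)],
        "10.0.0.4": [(300, 2500), (305, 2600), (1900, 45000), (2100, 1000),
                     (2110, 1010), (3500, 700)],
        "10.0.0.5": [(700, 4000), (720, 4100)],  # too few flows: not persistent
    }
    for client, events in browsing.items():
        for t, b in events:
            flows.append((t, client, "198.51.100.20", b))
    # One client polls a server every ~60 s (+/-1 s jitter) with near-constant
    # size for an hour: the low-variability persistent pattern of interest.
    for i in range(60):
        jitter = (i % 3) - 1
        flows.append((60 * i + jitter, "10.0.0.7", "203.0.113.9", 512 + (i % 2)))
    return sorted(flows)


def cv(values):
    """Coefficient of variation (population stdev / mean); 0 for a zero mean."""
    m = mean(values)
    return pstdev(values) / m if m else 0.0


def fingerprints(flows):
    """Fingerprint every (client, server) pair that qualifies as persistent.

    Features: flow count, mean inter-arrival gap, CV of gaps, CV of flow sizes.
    """
    by_pair = defaultdict(list)
    for t, c, s, b in flows:
        by_pair[(c, s)].append((t, b))
    result = {}
    for pair, recs in by_pair.items():
        recs.sort()
        ts = [t for t, _ in recs]
        if len(ts) < PERSIST_MIN_FLOWS or ts[-1] - ts[0] < PERSIST_MIN_SPAN:
            continue  # not persistent under this example's definition
        gaps = [later - earlier for earlier, later in zip(ts, ts[1:])]
        sizes = [b for _, b in recs]
        result[pair] = {
            "n": len(ts),
            "gap_mean": mean(gaps),
            "gap_cv": cv(gaps),
            "bytes_cv": cv(sizes),
        }
    return result


def robust_z(values):
    """Median/MAD z-scores; 1.4826 scales MAD to sigma for normal data."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    scale = 1.4826 * mad if mad > 0 else 1e-9  # MAD of 0: any deviation is extreme
    return [(v - med) / scale for v in values]


def detect_outliers(fps, features=("gap_cv", "bytes_cv"), z_thresh=OUTLIER_Z):
    """Return {pair: max |z|} for pairs that are outliers on any listed feature."""
    pairs = list(fps)
    worst = {p: 0.0 for p in pairs}
    for f in features:
        zs = robust_z([fps[p][f] for p in pairs])
        for p, z in zip(pairs, zs):
            worst[p] = max(worst[p], abs(z))
    return {p: z for p, z in worst.items() if z > z_thresh}


if __name__ == "__main__":
    fps = fingerprints(constructed_flows())
    for pair, fp in fps.items():
        print(pair, {k: round(v, 3) for k, v in fp.items()})
    print("flagged:", detect_outliers(fps))
```

On the constructed data the three browsing clients have inter-arrival CVs around 1, while the polling client's is close to 0.02, so it is the only pair whose robust z-score crosses the threshold; the two-flow client never reaches the fingerprint stage. The point of the example is the shape of the pipeline, not the particular features: the fingerprint only needs timestamps and sizes, and the detector learns the "normal" region from the traffic itself rather than from labelled malware.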

