Classification of Malware Network Activity

Gilles Berger Sabbatel (1), Andrzej Duda (1)
(1) Drakkar, LIG - Laboratoire d'Informatique de Grenoble
Abstract: In previous work, we designed and implemented a platform with tools for capturing malware, running botnets in a controlled environment, analyzing their interactions with a botmaster, testing methods and techniques for mitigating botnet nuisance, and eventually disrupting them. We have used the platform to gather a large number of malware samples and observe their network activity. In this paper, we present an approach to malware classification based on observing malware communication behavior. First, we show that traditional methods based on antivirus tools are not suitable for classification. Then, we define a method based on observing the communication patterns of executing malware. We report the classification results obtained with the proposed method. Unlike classification done by existing antivirus tools, the proposed method results in selective and consistent classification.
Document type: Conference paper
Andrzej Dziech and Andrzej Czyżewski. MCSS 2012 - 5th International Conference on Multimedia Communications, Services and Security, May 2012, Cracow, Poland. Springer, 287, pp.24-35, 2012, Communications in Computer and Information Science. 〈10.1007/978-3-642-30721-8_3〉

https://hal.inria.fr/hal-00931044
Contributor: Valérie Samper
Submitted on: Thursday, February 6, 2014 - 11:06:37
Last modified on: Thursday, August 18, 2016 - 01:07:46

Citation

Gilles Berger Sabbatel, Andrzej Duda. Classification of Malware Network Activity. Andrzej Dziech and Andrzej Czyżewski. MCSS 2012 - 5th International Conference on Multimedia Communications, Services and Security, May 2012, Cracow, Poland. Springer, 287, pp.24-35, 2012, Communications in Computer and Information Science. 〈10.1007/978-3-642-30721-8_3〉. 〈hal-00931044〉
