Traffic aggregation for malware detection

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5137 LNCS, Issue , 2008, Pages 207-227

  Yen, Ting Fang ^a   Reiter, Michael K ^b  

^a CARNEGIE MELLON UNIVERSITY   (United States)

^b UNIVERSITY OF NORTH CAROLINA   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

BOTNETS; COMMUNICATION FLOWS; DOS ATTACKS; EFFICIENT ALGORITHMS; EXTERNAL NETWORKS; INTERNATIONAL CONFERENCES; MALWARE; MALWARE DETECTION; SOFTWARE PLATFORMS; SPYWARE; TRAFFIC AGGREGATION; VULNERABILITY ASSESSMENTS;

AGGLOMERATION; AGGREGATES; COMPUTER CRIME; HUMAN COMPUTER INTERACTION; TANTALUM;

COMPUTER WORMS;

EID: 49949094072     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-70542-0_11     Document Type: Conference Paper

References (43)

1. Aiello, W., Kalmanek, C., McDaniel, P., Sen, S., Spatscheck, O., Van der Merwe, J.: Analysis of communities of interest in data networks. In: Proceedings of Passive and Active Measurement Workshop (2005)
2. Bächer, P., Holz, T., Kötter, M., Wicherski, G.: Know your enemy: Tracking botnets. Technical report, The Honeynet Project and Research Alliance (2005)
3. Barf ord, P., Kline, J., Plonka, D., Ron, A.: A signal analysis of network traffic anomalies. In: Proceedings of ACM SIGCOMM Internet Measurement Workshop (2002)
4. Binkley, J.R., Singh, S.: An algorithm, for anomaly-based botnet detection. In: Proceedings of the Workshop on Steps to Reducing Unwanted Traffic on the Internet (2006)
5. Brownlee, N., Mills, C., Ruth, G.: Traffic flow measurement: Architecture. RFC 2722 (1999)
6. Cheng, D., Kannan, R., Vempala, S., Wang, G.: A divide-and-merge methodology for clustering. ACM Transactions on Database Systems 31(4) (2006)
7. Cooke, E., Jahanian, F., McPherson, D.: The zombie roundup: Understanding, detecting, and disrupting botnets. In: Proceedings of the Workshop on Steps to Reducing Unwanted Traffic on the Internet (2005)
8. Cormode, G., Muthukrishnan, S.M.: The string edit distance matching problem with moves. In: Proceedings of the ACM-SIAM Symposium on Discrete Algorithms (2002)
9. Daswani, N., Stoppelman, M.: The Google Click Quality, and Security Teams. The anatomy of clickbot.A. In: Proceedings of the 1st Workshop on Hot Topics in Understanding Botnets (2007)
10. Datar, M., Immorlica, N., Indyk, P., Mirrokni, V.S.: Locality-sensitive hashing scheme based on p-stable distributions. In: Proceedings of the Symposium on Computational Geometry (2004)
11. Goebel, J., Hollz, T: Rishi: Identify bot contaminated hosts by IRC nickname evaluation. In: Proceedings of the Ist Workshop on Hot Topics in Understanding Botnets (2007)
12. Grizzard, J.B., Sharma, V., Nunnery, C., Kang, B.B., Dagon, D.: Peer-to-peer botnets: Overview and case study. In: Proceedings of the 1st Workshop on Hot Topics in Understanding Botnets (2007)
13. Gu, G., Perdisci, R., Zhang, J., Lee, W.: Botminer: Clustering analysis of network traffic for protocol- and structure-independent botnet detection. In: Proceedings of the USENIX Security Symposium. (August 2008)
14. Gu, G., Porras, P., Yegneswaran, V., Pong, M., Lee, W.: BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation. In: Proceedings of the USENIX Security Symposium (2007)
15. Gu, G., Zhang, J., Lee, W.: Botsniffer: Detecting botnet command and control channels in network traffic. In: Proceedings of the 2008 ISOC Network and Distributed System Security Symposium (February 2008)
16. Handelman, S., Stibler, S., Brownlee, N., Ruth, G.: New attributes for traffic flow measurement. RFC 2724 (1999)
17. Jolliffe, I.T.: Principal Component Analysis. Springer, Heidelberg (1986)
18. Karamcheti, V., Geiger, D., Kedem, Z., Muthukrishnan, S.M.: Detecting malicious network traffic using inverse distributions of packet, contents. In: Proceedings of the ACM SIGCOMM Workshop on Mining Network Data (2005)
19. Karasaridis, A., Rexroad, B., Hoefiin, D.: Wide-scale botnet detection and characterization. In: Proceedings of the 1st Workshop on Hot Topics in Understanding Botnets (2007)
20. Kaufman, L., Rousseeuw, P.J.: Finding Groups in Data. An Introduction to Cluster Analysis. Wiley, Chichester (1990)
21. Kim, H., Karp, B.: Autograph: Toward automated, distributed worm signature detection. In: Proceedings of the USENIX Security Symposium (2004)
22. Kim, S.S., Reddy, A.L.N., Vannucci, M.: Detecting traffic anomalies using discrete wavelet transform. In: Proceedings of the International. Conference on Information Networking (2004)
23. Kohler, E., Li, J., Paxson, V., Shenker, S.: Observed structure of addresses in IP traffic. IEEE/ACM Transactions on Networking 14(6) (2006)
24. Kreibich, C., Crowcroft, J.: Honeycomb - creating intrusion detection signatures using honeypots. In: Proceedings of the ACM SIGCOMM Workshop on Hop Topics in Networks (2003)
25. Lakhina, A., Papagiannaki, K., Crovella, M.: Structural analysis of network traffic flows. In: Proceedings of ACM SIGMETRICS/Performance (2004)
26. Livadas, C., Walsh, B., Lapsley, D., Strayer, T: Using machine learning techniques to identify botnet traffic. In: Proceedings of the IEEE LCN Workshop on Network Security (2006)
27. Moore, D., Voelker, G.M., Savage, S.: Inferring internet denial-of-service activity. In: Proceedings of the USENIX Security Symposium (2001)
28. Newsome, J., Karp, B., Song, D.: Polygraph: Automatic signature generation for polymorphic worms. In: IEEE Security and Privacy Symposium (2005)
29. Parekh, JJ., Wang, K., Stolfo, S.J.: Privacy-preserving payload-based correlation for accurate malicious traffic detection. In: Proceedings of the ACM SIGCOMM Workshop on Large Scale Attack Defense (2006)
30. Perdisci, R., Gu, G., Lee, W.: Using an ensemble of one-class SVM classifiers to harden payload-based anomaly detection systems. In: Proceedings of the International Conference on Data Mining (2006)
31. Provos, N., Honeyman, P.: Detecting steganographic content on the Internet. In: Proceedings of the 2002 ISOC Network and Distributed System Security Symposium (NDSS) (February 2002)
32. Racine, S.: Analysis of Internet. Relay Chat Usage by DDoS Zombies. Master's thesis, Swiss Federal Institute of Technology Zurich (2004)
33. Rajab, M.A., Zarfoss, J., Monrose, F., Terzis, A.: A multifaceted approach to understanding the botnet phenomenon. In: ACM SIGCOMM/USENIX Internet Measurement. Conference (2006)
34. Ramachandra, A., Feamster, N., Vempala, S.: Filtering spam with behavioral blacklisting. In: Proceedings of the ACM conference on Computer and Communications Security (2007)
35. Ramachandran, A., Feamster, N.: Understanding the network-level behavior of spammers. In: Proceedings of ACM SIGCOMM (2006)
36. Ramachandran, A., Feamster, N., Dagon, D.: Revealing botnet membership using DNSBL counter-intelligence. In: Proceedings of the Workshop on Steps to Reducing Unwanted Traffic on the Internet (2006)
37. Reiter, M., Yen, T.: Traffic aggregation for maiware detection. Technical Report CMUCyLab-07-017, Carnegie Mellon University (2007)
38. Singh, S., Estan, C., Varghese, G., Savage, S.: Automated worm fingerprinting. In: Proceedings of the Symposium on Operating Systems Design and Implementation (2004)
39. Taylor, C., Alves-Foss, J.: NATE - network analysis of anomalous traffic events, a low-cost approach. In: Proceedings of the New Security Paradigms Workshop (2001)
40. Terrell, J., Zhang, L., Zhu, Z., Jeffay, K., Shen, H., Nobel, A., Donelson Smith, R: Multivariate SVD analyses for network anomaly detection. In: Poster Proceedings of ACM SIGCOMM (2005)
41. Vogt, R., Aycock, J., Jacobson Jr., M.J.: Army of botnets. In: Proceedings of the Network and Distributed System Security Symposium (2007)
42. Wang, K., Parekh, JJ., Stolfo, S.J.: Anagram: A content anomaly detector resistant to mimicry attack. In: Proceedings of the 9th International Symposium on Recent Advances in Intrusion Detection (2006)
43. Wang, P., Sparks, S., Zou, C.C.: An advanced hybrid peer-to-peer botnet. In: Proceedings of the 1st Workshop on Hot Topics in Understanding Botnets (2007)