User-assisted host-based detection of outbound malware traffic

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5927 LNCS, Issue , 2009, Pages 293-307

  Xiong, Huijun ^a   Malhotra, Prateek ^a   Stefan, Deian ^b   Wu, Chehai ^c   Yao, Danfeng ^a  

^a RUTGERS UNIVERSITY   (United States)

^b Cooper Union ^*  (United States)

^c AppFolio Inc   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ANALYSIS SOLUTION; ANALYSIS TOOLS; HOST-BASED; MALWARES; NETWORK CONNECTION; NETWORK SECURITY SOLUTIONS; SCALE CHARACTERIZATION; SECURITY TOOLS; STATISTICAL MEASURES; TEMPORAL PATTERN; TRAFFIC ANALYSIS; WEB ACTIVITIES; WEB APPLICATION; WEB CONTENT; WEB USAGE; WEB USAGE PATTERNS;

COMPUTER CRIME; WIRELESS NETWORKS; WORLD WIDE WEB;

NETWORK SECURITY;

EID: 76549113940     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-11145-7_23     Document Type: Conference Paper

References (32)

1. Balachandran, A., Voelker, G.M., Bahl, P., Rangan, P.V.: Characterizing User Behavior and Network Performance in A Public Wireless LAN. In: SIGMETRICS 2002: Proceedings of the 2002 ACM SIGMETRICS international conference on Measurement and modeling of computer systems, pp. 195-205. ACM, New York (2002)
2. Balazinska,M., Castro, P.: CharacterizingMobility and Network Usage in A CorporateWireless Local-Area Network. In: MobiSys 2003: Proceedings of the 1st international conference on Mobile systems, applications and services, pp. 303-316. ACM, New York (2003)
3. Borders, K., Prakash, A.: Web Tap: Detecting Covert Web Traffic. In: Atluri, V., Pfitzmann, B.,McDaniel, P.D. (eds.) ACM Conference on Computer and Communications Security, pp. 110-120. ACM, New York (2004)
4. A Community Resource for Archiving Wireless Data At Dartmouth (CRAWDAD), http://crawdad.cs.dartmouth.edu/
5. Cunha, C., Bestavros, A., Crovella, M.: Characteristics ofWWWClient-based Traces. Technical report, Boston, MA, USA (1995)
6. Dagon, D., Gu, G., Lee, C.P., Lee, W.: A Taxonomy of Botnet Structures. In: ACSAC, pp. 325-339 (2007)
7. Emerging Cyber Threats Report for 2009, Georgia Tech Information Security Center (October 2008)
8. Gianvecchio, S., Xie, M.,Wu, Z.,Wang, H.:Measurement and Classification of Humans and Bots in Internet Chat. In: Proceedings of USENIX Security Symposium (2008)
9. Gu, G., Perdisci, R., Zhang, J., Lee,W.: Botminer: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection. In: Proceedings of the 17th USENIX Security Symposium (2008)
10. Gu, G., Zhang, J., Lee, W.: Botsniffer: Detecting Botnet Command and Control Channels in Network Traffic. In: Proceedings of the 15th Annual Network and Distributed System Security Symposium, NDSS (2008)
11. Henderson, T., Kotz, D., Abyzov, I.: The Changing Usage of A Mature Campus-wide Wireless Network. In: MobiCom 2004: Proceedings of the 10th annual international conference on Mobile computing and networking, pp. 187-201. ACM, New York (2004)
12. Huberman, B.A., Pirolli, P.L., Pitkow, J.E., Lukose, R.M.: Strong Regularities inWorld Wide Web Surfing. Science 280(95) (1998)
13. Ianelli, N., Hackworth, A.: Botnets as A Vehicle for Online Crime (2005), http://www.cert.org/archive/pdf/Botnets.pdf
14. Karasaridis, A., Rexroad, B., Hoeflin, D.:Wide-Scale Botnet Detection and Characterization. In: HotBots 2007: Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets, Berkeley, CA, USA, p. 7. USENIX Association (2007)
15. Kotz, D., Essien, K.: Analysis of A Campus-wide Wireless Network. In: Proceedings of ACM Mobicom, pp. 107-118. ACM Press, New York (2002)
16. Louw, M.T., Lim, J.S., Venkatakrishnan, V.N.: Enhancing Web Browser Security Against Malware Extensions. Journal in Computer Virology 4(3), 179-195 (2008)
17. Mogul, J.C., Arlitt, M.: SC2D: an Alternative to Trace Anonymization. In: MineNet 2006: Proceedings of the 2006 SIGCOMM workshop on Mining network data, pp. 323-328. ACM, New York (2006)
18. Pang, R., Allman, M., Paxson, V., Lee, J.: The Devil and Packet Trace Anonymization. SIGCOMM Comput. Commun. Rev. 36(1), 29-38 (2006)
19. Pang, R., Paxson, V.: A High-level Programming Environment for Packet Trace Anonymization and Transformation. In: SIGCOMM 2003: Proceedings of the 2003 conference on Applications, technologies,architectures, and protocols for computer communications, pp. 339-351. ACM, New York (2003)
20. Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and Implementation of a TCG-based Integrity Measurement Architecture. In: USENIX Security Symposium, pp. 223-238. USENIX (2004)
21. Saroiu, S., Gribble, S.D., Levy, H.M.:Measurement and Analysis of Spyware in a University Environment, pp. 141-153
22. Shieh, S.-P., Gligor, V.D.: On a Pattern-Oriented Model for Intrusion Detection. IEEE Transactions on Knowledge and Data Engineering 9(4) (July/August 1997)
23. Singh, S., Estan, C., Varghese, G., Savage, S.: Automated Worm Fingerprinting. In: OSDI 2004: Proceedings of the 6th conference on Symposium on Opearting Systems Design Implementation, Berkeley, CA, USA. USENIX Association (2004)
24. SNORT, an open source network intrusion prevention and detection system, http://www.snort.org/
25. Stewart, J.: Top Spam Botnets Exposed (April 2008), http://www. secureworks.com/research/threats/topbotnets
26. Symantec, http://www.symantec.com/index.jsp
27. Tang, D., Baker, M.: Analysis of A Local-Area Wireless Network. In: MobiCom 2000: Proceedings of the 6th annual international conference on Mobile computing and networking, pp. 1-10. ACM, New York (2000)
28. Trusted Computing Group. Trusted platform module main specification, Part 1: Design principles, Part 2: TPM structures, Part 3: Commands. Version 1.2, Revision 62 (October 2003)
29. TCG PC Client Specific TPM Interface Specification (TIS), Version 1.2. Trusted Computing Group, http://www.trustedcomputinggroup.org/groups/pc-client/
30. Webb, S., Caverlee, J., Pu, C.: Predicting Web Spam with HTTP Session Information. In: Proceedings of the Seventeenth Conference on Information and Knowledge Management (CIKM 2008) (October 2008)
31. Xie, Y., Yu, F., Achan, K., Panigrahy, R., Hulten, G., Osipkov, I.: Spamming Botnets: Signatures and Characteristics. In: SIGCOMM 2008: Proceedings of the ACM SIGCOMM 2008 conference on Data communication, pp. 171-182. ACM, New York (2008)
32. Xiong, H., Malhotra, P., Stefan, D.,Wu, C., Yao, D.: User-Assisted Host-Based Detection of Outbound Malware Traffic. Technical report, Rutgers University (October 2009)