Research Article
Analyzing and Exploiting Network Behaviors of Malware
@INPROCEEDINGS{10.1007/978-3-642-16161-2_2, author={Jose Morales and Areej Al-Bataineh and Shouhuai Xu and Ravi Sandhu}, title={Analyzing and Exploiting Network Behaviors of Malware}, proceedings={Security and Privacy in Communication Networks. 6th Iternational ICST Conference, SecureComm 2010, Singapore, September 7-9, 2010. Proceedings}, proceedings_a={SECURECOMM}, year={2012}, month={5}, keywords={}, doi={10.1007/978-3-642-16161-2_2} }- Jose Morales
Areej Al-Bataineh
Shouhuai Xu
Ravi Sandhu
Year: 2012
Analyzing and Exploiting Network Behaviors of Malware
SECURECOMM
Springer
DOI: 10.1007/978-3-642-16161-2_2
Abstract
In this paper we address the following questions: From a networking perspective, do malicious programs (malware, bots, viruses, etc...) behave differently from benign programs that run daily for various needs? If so, how may we exploit the differences in network behavior to detect them? To address these questions, we are systematically analyzing the behavior of a large set (at the magnitude of 2,000) of malware samples. We present our initial results after analyzing 1000 malware samples. The results show that malicious and benign programs behave quite differently from a network perspective. We are still in the process of attempting to interpret the differences, which nevertheless have been utilized to detect 31 malware samples which were not detected by any antivirus software on Virustotal.com as of 01 April 2010, giving evidence that the differences between malicious and benign network behavior has a possible use in helping stop zero-day attacks on a host machine.