Skip to main content
SpringerLink
Log in
Book cover

International Conference on Computer Networks

CN 2014: Computer Networks pp 265–276Cite as

A Technique for Detection of Bots Which Are Using Polymorphic Code

  • Conference paper

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 431))

Abstract

The new technique of botnet detection which bots use polymorphic code was proposed. Performed detection is based on the multi-agent system by means of antiviral agents that contain sensors. For detection of botnet, which bots use polymorphic code, the levels of polymorphism were investigated and its models were built. A new sensor for polymorphic code detection within antivirus agent of multi-agent system was developed. Developed sensor performs provocative actions against probably infected file, restarts of the suspicious file for probably modified code detection, behavior analysis for modified code detection, based on the principles of known levels of polymorphism.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Oxford Dictionaries, http://www.oxforddictionaries.com/definition/english/botnet?q=botnet

  2. Nikitina, T.: (In Virut have taken away key domains). http://www.securelist.com/ru/blog/207764413/U_Virut_otobrali_klyuchevye_domeny#page_top (2013)

  3. Yaneza, J.: ZeuS/ZBOT Malware Shapes Up in 2013 (2013), http://blog.trendmicro.com/trendlabs-security-intelligence/zeuszbot-malware-shapes-up-in-2013/

  4. Scott, M.E.: Boston Marathon/West, Texas Spam Campaigns (2013), http://mrpdchief.blogspot.com/2013/04/boston-marathonwest-texas-spam-campaigns.html

  5. Szor, P.: The Art of Computer Virus Research and Defense, p. 744. Addison-Wesley Professional (2005)

    Google Scholar 

  6. Kolter, J.Z., Maloof, M.A.: Learning to detect malicious executables in the wild. In: Proceedings of the tenth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD 2004, pp. 470–478. ACM, New York (2004)

    Chapter  Google Scholar 

  7. Ye, Y., Wang, D., Li, T., Ye, D.: Imds: intelligent malware detection system. In: Proceedings of the 13th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD 2007, pp. 1043–1047. ACM, New York (2007)

    Google Scholar 

  8. Griffin, K., Schneider, S., Hu, X., Chiueh, T.-c.: Automatic generation of string signatures for malware detection. In: Kirda, E., Jha, S., Balzarotti, D. (eds.) RAID 2009. LNCS, vol. 5758, pp. 101–120. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  9. Yan, W., Wu, E.: Toward automatic discovery of malware signature for anti-virus cloud computing. In: Zhou, J. (ed.) Complex 2009. LNICST, vol. 4, pp. 724–728. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  10. Wang, J.-H., Deng, P., Fan, Y.-S., Jaw, L.-J., Liu, Y.-C.: Virus detection using data mining techinques. In: Proceedings of the IEEE 37th Annual 2003 International Carnahan Conference on Security Technology (2003)

    Google Scholar 

  11. Christodorescu, M., Jha, S.: Static analysis of executables to detect malicious patterns. In: Proc. of the 12th USENIX Security Symposium, pp. 169–186 (2003)

    Google Scholar 

  12. Bonfante, G., Kaczmarek, M., Marion, J.-Y.: Control flow graphs as malware signatures. In: Filiol, E., Marion, J.-Y., Bonfante, G. (eds.) International Workshop on the Theory of Computer Viruses TCV 2007, Nancy, France (2007)

    Google Scholar 

  13. Clarke, E., Emerson, E.: Design and synthesis of synchronization skeletons using branching time temporal logic. In: Kozen, D. (ed.) Logic of Programs 1981. LNCS, vol. 131, pp. 52–71. Springer, Heidelberg (1982)

    Chapter  Google Scholar 

  14. Leder, F., Steinbock, B., Martini, P.: Classification and detection of metamorphic malware using value set analysis. In: 2009 4th International Malicious and Unwanted Software (MALWARE), pp. 39–46 (2009)

    Google Scholar 

  15. Preda, M.D., Christodorescu, M., Jha, S., Debray, S.: A semanticsbased approach to malware detection. ACM Trans. Program. Lang. Syst. 30(5), 1–54 (2008)

    Article  Google Scholar 

  16. Pomorova, O., Savenko, O., Lysenko, S., Kryshchuk, A.: Multi-Agent Based Approach for Botnet Detection in a Corporate Area Network Using Fuzzy Logic. In: Kwiecień, A., Gaj, P., Stera, P. (eds.) CN 2013. CCIS, vol. 370, pp. 146–156. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  17. Glossary (2014), http://home.mcafee.com/virusinfo/glossary?ctst=1#P

  18. Kaspersky, E.: Computer viruses. SK-Press, Moscow (1998)

    Google Scholar 

  19. Jokinen, P., Tarhio, J., Ukkonen, E.: A Comparison of Approximate String Matching Algorithms. Software: Practice and Experience 26(12), 1439–1458 (1996), http://onlinelibrary.wiley.com/doi/10.1002/SICI1097-024X19961226:121439:AID-SPE713.0.CO;2-1/abstract

    Google Scholar 

  20. Smyth, B.: Computing Patterns in Strings, p. 496. Williams, Moscow (2006)

    Google Scholar 

  21. http://security.ludost.net/exploits/index.php?dir=bots/

  22. https://www.virtualbox.org

Download references

Author information

Authors and Affiliations

  1. Department of System Programming, Khmelnitsky National University, Instytutska, 11, Khmelnitsky, Ukraine

    Oksana Pomorova, Oleg Savenko, Sergii Lysenko, Andrii Kryshchuk & Andrii Nicheporuk

Authors
  1. Oksana Pomorova
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Oleg Savenko
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sergii Lysenko
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Andrii Kryshchuk
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Andrii Nicheporuk
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institute of Computer Science, Silesian University of Technology, Akademicka 16, 44-100, Gliwice, Poland

    Andrzej Kwiecień

  2. Institute of Informatics, Silesian University of Technology, ul. Akademicka 16, 44-100, Gliwice, Poland

    Piotr Gaj

  3. Institute of Informatics, Silesian University of Technology, Gliwice, Poland

    Piotr Stera

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Pomorova, O., Savenko, O., Lysenko, S., Kryshchuk, A., Nicheporuk, A. (2014). A Technique for Detection of Bots Which Are Using Polymorphic Code. In: Kwiecień, A., Gaj, P., Stera, P. (eds) Computer Networks. CN 2014. Communications in Computer and Information Science, vol 431. Springer, Cham. https://doi.org/10.1007/978-3-319-07941-7_27

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-07941-7_27

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-07940-0

  • Online ISBN: 978-3-319-07941-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation