
Classification of Malware Network Activity

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 287)

Abstract

In previous work, we designed and implemented a platform with tools for capturing malware, running botnets in a controlled environment, analyzing their interactions with a botmaster, testing methods and techniques for mitigating botnet nuisance, and eventually disrupting them. We have used the platform to gather a large number of malware samples and to observe their network activity.

In this paper, we present an approach to malware classification based on observing the communication behavior of malware. First, we show that traditional methods based on antivirus tools are not suitable for classification. Then, we define a method based on observing the communication pattern of malware as it executes. We report on the classification results obtained with the proposed method. Unlike the classification produced by existing antivirus tools, the proposed method results in selective and consistent classification.


Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Berger-Sabbatel, G., Duda, A. (2012). Classification of Malware Network Activity. In: Dziech, A., Czyżewski, A. (eds) Multimedia Communications, Services and Security. MCSS 2012. Communications in Computer and Information Science, vol 287. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30721-8_3

  • DOI: https://doi.org/10.1007/978-3-642-30721-8_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-30720-1

  • Online ISBN: 978-3-642-30721-8
