Abstract
Nowadays, malware, especially botnet malware, heavily employs network communication to accomplish its predefined malicious functionality, and the network behavior of malware has attracted the attention of researchers. However, the network traffic used for network-based signature generation and botnet detection is captured passively from an execution environment, which has several limitations. In this paper, we present a network behavior mining approach based on binary analysis, named NBSBA. Our goal is to understand the network behavior of malware accurately and in detail, to capture the packets launched by the malware sample under analysis as early as possible, and to extract the network behavior of malware as completely as possible. We first give a network behavior specification and then describe NBSBA. We then implement a prototype system to evaluate NBSBA. The experiment demonstrates that our approach is efficient.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
Cite this paper
Xie, P., Wang, Y., Lu, H., Li, M., Su, J. (2013). Mining Network Behavior Specifications of Malware Based on Binary Analysis. In: Su, J., Zhao, B., Sun, Z., Wang, X., Wang, F., Xu, K. (eds) Frontiers in Internet Technologies. Communications in Computer and Information Science, vol 401. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-53959-6_22
DOI: https://doi.org/10.1007/978-3-642-53959-6_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-53958-9
Online ISBN: 978-3-642-53959-6