12 May 2016 Identifying compromised systems through correlation of suspicious traffic from malware behavioral analysis
Abstract
Malware can be detected by analyzing its infection behavior. To do so, dynamic analysis systems run malware samples and record their operating system activity and network traffic. This traffic may show malware contacting external systems, either to exfiltrate sensitive data from victims or to fetch further malicious artifacts (configuration files, additional modules, commands). In this work, we propose visualization as a tool to identify compromised systems: malware communications are modeled as graphs, correlated, and compared by finding isomorphisms between them. We produced graphs from over 6,000 distinct network traffic captures recorded during malware execution and analyzed the relationships among malware samples and IP addresses.
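The abstract describes two steps: building a graph whose nodes are malware samples and the IP addresses (endpoints) they contacted in the sandbox, and then correlating that graph with traffic from production hosts to spot machines that talk to the same endpoints. The block below is an added illustration of that idea and is not the authors' code. It assumes that per-sample flow records have already been extracted from the sandbox pcaps as (sample, destination IP, destination port) tuples; the sandbox flows, the enterprise flow log and the benign-endpoint allowlist are all constructed, and "isomorphism" is reduced here to the simplest case, grouping samples whose contact subgraphs coincide endpoint for endpoint.

```python
"""Correlate malware-sandbox network contacts with an enterprise flow log.

Added example, not the paper's code. All records below are constructed;
the IP addresses come from documentation ranges (RFC 5737).
"""
from collections import defaultdict
from typing import Dict, FrozenSet, Iterable, List, Set, Tuple

Endpoint = Tuple[str, int]        # (destination IP, destination port)
Flow = Tuple[str, str, int]       # (origin, destination IP, destination port)

# Constructed sandbox observations: (sample id, dst IP, dst port).
# In practice these would be extracted from each sample's pcap.
SANDBOX_FLOWS: List[Flow] = [
    ("a1f3", "203.0.113.10", 80),
    ("a1f3", "198.51.100.7", 443),
    ("b2c4", "203.0.113.10", 80),
    ("b2c4", "198.51.100.7", 443),
    ("c9d8", "192.0.2.55", 8080),
    ("d7e1", "8.8.8.8", 53),   # only contacts a public resolver
    ("a1f3", "8.8.8.8", 53),
]

# Constructed allowlist (assumption): endpoints every sample touches for
# infrastructure reasons and that are therefore not evidence of infection.
BENIGN_ENDPOINTS: Set[Endpoint] = {("8.8.8.8", 53)}

# Constructed enterprise flow log: (internal host, dst IP, dst port).
ENTERPRISE_FLOWS: List[Flow] = [
    ("10.0.0.5", "203.0.113.10", 80),
    ("10.0.0.5", "8.8.8.8", 53),
    ("10.0.0.9", "8.8.8.8", 53),
    ("10.0.0.9", "192.0.2.99", 443),
    ("10.0.0.12", "192.0.2.55", 8080),
]


class ContactGraph:
    """Bipartite graph: malware samples on one side, contacted endpoints on the other."""

    def __init__(self) -> None:
        self.sample_to_endpoints: Dict[str, Set[Endpoint]] = defaultdict(set)
        self.endpoint_to_samples: Dict[Endpoint, Set[str]] = defaultdict(set)

    def add_edge(self, sample: str, endpoint: Endpoint) -> None:
        self.sample_to_endpoints[sample].add(endpoint)
        self.endpoint_to_samples[endpoint].add(sample)


def build_graph(flows: Iterable[Flow], benign: Set[Endpoint]) -> ContactGraph:
    """Turn sandbox flow records into the sample/endpoint graph.

    Allowlisted endpoints are dropped before adding edges, so a sample that
    only talked to benign infrastructure ends up with no edges at all.
    """
    graph = ContactGraph()
    for sample, ip, port in flows:
        endpoint = (ip, port)
        if endpoint in benign:
            continue
        graph.add_edge(sample, endpoint)
    return graph


def equivalent_samples(graph: ContactGraph) -> List[FrozenSet[str]]:
    """Group samples whose contact subgraphs are identical.

    Two samples with the same endpoint set have trivially isomorphic
    contact subgraphs; the paper's general isomorphism search would also
    match subgraphs that differ only in node labels.
    """
    by_signature: Dict[FrozenSet[Endpoint], Set[str]] = defaultdict(set)
    for sample, endpoints in graph.sample_to_endpoints.items():
        by_signature[frozenset(endpoints)].add(sample)
    return [frozenset(s) for s in by_signature.values() if len(s) > 1]


def correlate_hosts(graph: ContactGraph,
                    enterprise_flows: Iterable[Flow]) -> Dict[str, Dict[Endpoint, Set[str]]]:
    """Flag internal hosts that contacted an endpoint seen in the malware graph.

    Returns host -> {endpoint: samples that contacted the same endpoint}, so an
    analyst can see which sandbox samples link a host to a suspicious address.
    """
    hits: Dict[str, Dict[Endpoint, Set[str]]] = defaultdict(dict)
    for host, ip, port in enterprise_flows:
        endpoint = (ip, port)
        samples = graph.endpoint_to_samples.get(endpoint)
        if samples:
            hits[host][endpoint] = set(samples)
    return dict(hits)


if __name__ == "__main__":
    g = build_graph(SANDBOX_FLOWS, BENIGN_ENDPOINTS)
    for group in equivalent_samples(g):
        print("samples with identical contact graphs:", sorted(group))
    for host, matches in correlate_hosts(g, ENTERPRISE_FLOWS).items():
        for endpoint, samples in matches.items():
            print(f"{host} -> {endpoint[0]}:{endpoint[1]} (seen from {sorted(samples)})")
```

The allowlist step is the part practitioners most often skip: without it, every host that uses the same resolver or update server as the sandbox network lights up, and the correlation degenerates into a list of all machines. Host 10.0.0.9 above is the control case: it shares only the resolver with the samples and is not flagged.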
© (2016) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Ana E. F. Camilo, André Grégio, Rafael D. C. Santos, "Identifying compromised systems through correlation of suspicious traffic from malware behavioral analysis", Proc. SPIE 9826, Cyber Sensing 2016, 982606 (12 May 2016); doi: 10.1117/12.2223968; https://doi.org/10.1117/12.2223968
Proceedings paper, 10 pages.