12 May 2016 Identifying compromised systems through correlation of suspicious traffic from malware behavioral analysis
Abstract
Malware can be detected by analyzing its infection behavior. To do so, dynamic analysis systems run malware samples and extract their operating system activities and network traffic. This traffic may represent malware accessing external systems, either to steal sensitive data from victims or to fetch other malicious artifacts (configuration files, additional modules, commands). In this work, we propose the use of visualization as a tool to identify compromised systems, based on correlating malware communications in the form of graphs and finding isomorphisms between them. We produced graphs from over 6,000 distinct network traffic files captured during malware execution and analyzed the existing relationships among malware samples and IP addresses.
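The correlation the abstract describes (a bipartite graph of samples and the IP addresses they contact, IPs shared by several samples, structurally equivalent per-sample communication graphs, and matching monitored hosts against that graph) can be sketched in a few dozen lines. The code below is an added illustration, not the paper's own implementation; the sample identifiers, the flows, and the IP addresses (RFC 5737 documentation ranges) are constructed, and the per-sample graph is reduced to a star of labelled (port, protocol) edges so that isomorphism has an exact canonical form.

```python
"""Correlating sandbox-observed malware traffic as a bipartite graph.

Added example, not code from the paper. All sample IDs, IP addresses
(RFC 5737 documentation ranges) and flow records below are constructed.
"""
from collections import defaultdict

# Constructed stand-in for per-sample traffic summaries produced by a
# dynamic-analysis sandbox: (sample_id, dst_ip, dst_port, proto).
SANDBOX_FLOWS = [
    ("sampleA", "203.0.113.10", 80, "tcp"),
    ("sampleA", "203.0.113.20", 443, "tcp"),
    ("sampleB", "203.0.113.10", 80, "tcp"),   # shares an IP with sampleA
    ("sampleB", "198.51.100.7", 6667, "tcp"),
    ("sampleC", "192.0.2.55", 80, "tcp"),     # same shape as sampleA, other IPs
    ("sampleC", "192.0.2.56", 443, "tcp"),
    ("sampleD", "198.51.100.9", 53, "udp"),
]

# Constructed flow records from the monitored network: (src_host, dst_ip, dst_port).
MONITORED_FLOWS = [
    ("10.0.0.5", "203.0.113.10", 80),
    ("10.0.0.6", "192.0.2.99", 443),   # not seen in any sandbox run
    ("10.0.0.7", "198.51.100.7", 6667),
]


def build_graph(flows):
    """Bipartite graph: sample -> {ip -> {(port, proto)}} and ip -> {samples}."""
    sample_edges = defaultdict(lambda: defaultdict(set))
    ip_to_samples = defaultdict(set)
    for sample, ip, port, proto in flows:
        sample_edges[sample][ip].add((port, proto))
        ip_to_samples[ip].add(sample)
    return sample_edges, ip_to_samples


def shared_infrastructure(ip_to_samples, min_samples=2):
    """IPs contacted by several distinct samples: candidate C2 or distribution hosts."""
    return {ip: samples for ip, samples in ip_to_samples.items()
            if len(samples) >= min_samples}


def sample_clusters(sample_edges, ip_to_samples):
    """Connected components over samples, where two samples are linked if they
    contacted at least one common IP."""
    seen, clusters = set(), []
    for start in sample_edges:
        if start in seen:
            continue
        stack, comp = [start], set()
        while stack:
            s = stack.pop()
            if s in comp:
                continue
            comp.add(s)
            for ip in sample_edges[s]:
                stack.extend(ip_to_samples[ip] - comp)
        seen |= comp
        clusters.append(frozenset(comp))
    return clusters


def canonical_form(edges_for_sample):
    """Label-free shape of one sample's star graph: the sorted multiset of
    per-IP (port, proto) label sets. Two samples are isomorphic (ignoring
    which IPs they used) iff these forms are equal; for star graphs this
    canonical form is exact, so no general isomorphism search is needed."""
    return tuple(sorted(tuple(sorted(labels)) for labels in edges_for_sample.values()))


def isomorphic_groups(sample_edges):
    """Groups of samples whose communication graphs have identical shape."""
    groups = defaultdict(set)
    for sample, edges in sample_edges.items():
        groups[canonical_form(edges)].add(sample)
    return [g for g in groups.values() if len(g) > 1]


def flag_compromised(monitored, ip_to_samples):
    """Monitored hosts that contacted an IP seen in sandbox traffic, with the
    samples that touched that IP; more samples means stronger evidence."""
    hits = defaultdict(set)
    for host, dst_ip, _port in monitored:
        if dst_ip in ip_to_samples:
            hits[host] |= ip_to_samples[dst_ip]
    return dict(hits)


if __name__ == "__main__":
    edges, ip_index = build_graph(SANDBOX_FLOWS)
    print("shared IPs:", shared_infrastructure(ip_index))
    print("clusters:", [sorted(c) for c in sample_clusters(edges, ip_index)])
    print("isomorphic groups:", [sorted(g) for g in isomorphic_groups(edges)])
    print("flagged hosts:", flag_compromised(MONITORED_FLOWS, ip_index))
```

In practice the IP index needs an allowlist before it is used for flagging: shared DNS resolvers, CDN front ends and update servers are contacted by many unrelated samples and by every benign host, so they link otherwise independent samples into one cluster and turn every monitored host into a hit. Isomorphism on shape alone (sampleA and sampleC above) is a weaker signal than a shared IP; it is useful for grouping variants that rotate infrastructure, not for attributing a monitored host to a specific family on its own.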
© (2016) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Ana E. F. Camilo, André Grégio, Rafael D. C. Santos, "Identifying compromised systems through correlation of suspicious traffic from malware behavioral analysis", Proc. SPIE 9826, Cyber Sensing 2016, 982606 (12 May 2016); doi: 10.1117/12.2223968; https://doi.org/10.1117/12.2223968
Proceedings paper, 10 pages