Results 1 - 10 of 318

SplitScreen: Enabling Efficient, Distributed Malware Detection

by Sang Kil Cha, Iulian Moraru, Jiyong Jang, John Truelove, David Brumley, David Andersen
"... We present the design and implementation of a novel anti-malware system called SplitScreen. SplitScreen performs an additional screening step prior to the signature matching phase found in existing approaches. The screening step filters out most non-infected files (90%) and also identifies malware s ..."
Abstract - Cited by 14 (6 self) - Add to MetaCart
We present the design and implementation of a novel anti-malware system called SplitScreen. SplitScreen performs an additional screening step prior to the signature matching phase found in existing approaches. The screening step filters out most non-infected files (90%) and also identifies malware

BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection

by Guofei Gu, Roberto Perdisci, Junjie Zhang, Wenke Lee
"... Botnets are now the key platform for many Internet attacks, such as spam, distributed denial-of-service (DDoS), identity theft, and phishing. Most of the current botnet detection approaches work only on specific botnet command and control (C&C) protocols (e.g., IRC) and structures (e.g., central ..."
Abstract - Cited by 200 (14 self) - Add to MetaCart
Botnets are now the key platform for many Internet attacks, such as spam, distributed denial-of-service (DDoS), identity theft, and phishing. Most of the current botnet detection approaches work only on specific botnet command and control (C&C) protocols (e.g., IRC) and structures (e

On Challenges in Evaluating Malware Clustering

by Peng Li, Limin Liu, Michael K. Reiter , 2007
"... Abstract. Malware clustering and classification are important tools that enable analysts to prioritize their malware analysis efforts. The recent emergence of fully automated methods for malware clustering and classification that report high accuracy suggests that this problem may largely be solved. ..."
Abstract - Cited by 14 (0 self) - Add to MetaCart
Abstract. Malware clustering and classification are important tools that enable analysts to prioritize their malware analysis efforts. The recent emergence of fully automated methods for malware clustering and classification that report high accuracy suggests that this problem may largely be solved

Measuring Pay-per-Install: The Commoditization of Malware Distribution

by unknown authors
"... Recent years have seen extensive diversification of the “underground economy ” associated with malware and the subversion of Internet-connected systems. This trend to-wards specialization has compelling forces driving it: mis-creants readily apprehend that tackling the entire value-chain from malwar ..."
Abstract - Add to MetaCart
-fection of victims ’ systems. In this work we perform a measurement study of the PPI market by infiltrating four PPI services. We develop infrastruc-ture that enables us to interact with PPI services and gather and classify the resulting malware executables distributed by the services. Using our infrastructure, we

MalwareMonitor: An SDN-based Framework for Securing Large Networks

by Zainab Abaid, Mohsen Rezvani, Sanjay Jha
"... Large high-speed networks such as in campuses and enter-prises teem with malware infections; current solutions are either incapable of coping with the high data rates, or lack-ing in effective and speedy threat detection and mitigation. This work presents an early architecture for MalwareMon-itor, a ..."
Abstract - Cited by 1 (0 self) - Add to MetaCart
Mon-itor, a security framework that leverages SDN technology to address these limitations. We propose elastically parti-tioning network traffic to enable distributing detection load across a range of detectors; further, a centralized SDN con-troller allows for network-wide threat correlation as well as speedy

Systematic Mining of Associated Server Herds for Malware Campaign Discovery

by Jialong Zhang, Sabyasachi Saha, Guofei Gu, Marco Mellia, Politecnico De Torino
"... Abstract—HTTP is a popular channel for malware to com-municate with malicious servers (e.g., Command & Control, drive-by download, drop-zone), as well as to attack benign servers. By utilizing HTTP requests, malware easily disguises itself under a large amount of benign HTTP traffic. Thus, iden- ..."
Abstract - Add to MetaCart
-tifying malicious HTTP activities is challenging. We leverage an insight that cyber criminals are increasingly using dynamic malicious infrastructures with multiple servers to be efficient and anonymous in (i) malware distribution (using redirectors and exploit servers), (ii) control (using C&C servers

MutantX-S: Scalable Malware Clustering Based on Static Features

by Xin Hu, Kang G. Shin, Sandeep Bhatkar
"... The current lack of automatic and speedy labeling of a large number (thousands) of malware samples seen everyday delays the distribution of malware signatures, leading to a low detection rate of new malware samples in the wild. In this paper, we design, implement and evaluate a novel, scalable frame ..."
Abstract - Cited by 2 (0 self) - Add to MetaCart
The current lack of automatic and speedy labeling of a large number (thousands) of malware samples seen everyday delays the distribution of malware signatures, leading to a low detection rate of new malware samples in the wild. In this paper, we design, implement and evaluate a novel, scalable

Triggercast: Enabling Wireless Collisions Constructive

by unknown authors
"... Abstract—It is generally considered that concurrent trans-missions should be avoided in order to reduce collisions in wireless sensor networks. Constructive interference (CI) envisions concurrent transmissions to positively interfere at the receiver. CI potentially allows orders of magnitude reducti ..."
Abstract - Add to MetaCart
reductions in energy consumptions and improvements on link quality. In this paper, we theoretically introduce a sufficient condition to construct CI with IEEE 802.15.4 radio for the first time. Moreover, we propose Triggercast, a distributed middleware, and show it is feasible to generate CI in TMote Sky

TriggerCast: Enabling Wireless Constructive Collisions

by unknown authors
"... Abstract—Constructive Interference (CI) proposed in the ex-isting work (e.g., A-MAC [1], Glossy [2]) may degrade the packet reception performance in terms of Packet Reception Ratio (PRR) and Received Signal Strength Indication (RSSI). The packet reception performance of a set of nodes trans-mitting ..."
Abstract - Add to MetaCart
Abstract—Constructive Interference (CI) proposed in the ex-isting work (e.g., A-MAC [1], Glossy [2]) may degrade the packet reception performance in terms of Packet Reception Ratio (PRR) and Received Signal Strength Indication (RSSI). The packet reception performance of a set of nodes trans

Cyberprobe: Towards internet-scale active detection of malicious servers

by Antonio Nappa , Zhaoyan Xu , M Zubair , Rafique ⇤ , Juan Caballero , Guofei Gu - In Network and Distributed System Security Symposium , 2014
"... Abstract-Cybercriminals use different types of geographically distributed servers to run their operations such as C&C servers for managing their malware, exploit servers to distribute the malware, payment servers for monetization, and redirectors for anonymity. Identifying the server infrastruc ..."
Abstract - Cited by 3 (2 self) - Add to MetaCart
Abstract-Cybercriminals use different types of geographically distributed servers to run their operations such as C&C servers for managing their malware, exploit servers to distribute the malware, payment servers for monetization, and redirectors for anonymity. Identifying the server
Results 1 - 10 of 318