Behavioral Clustering of HTTP-Based Malware and Signature Generation Using Malicious Network Traces.
NSDI'10: Proceedings of the 7th USENIX conference on Networked systems design and implementation (2010)
Abstract
We present a novel network-level behavioral malware clustering system. We focus on analyzing the structural similarities among malicious HTTP traffic traces generated by executing HTTP-based malware. Our work is motivated by the need to provide quality input to algorithms that automatically generate network signatures. Accordingly, we define similarity metrics among HTTP traces and develop our system so that the resulting clusters can yield high-quality malware signatures. We implemented a proof-of-concept version of our network-level malware clustering system and performed experiments with more than 25,000 distinct malware samples. Results from our evaluation, which includes real-world deployment, confirm the effectiveness of the proposed clustering system and show that our approach can aid the process of automatically extracting network signatures for detecting HTTP traffic generated by malware-compromised machines.
Keywords
network signature, HTTP-based malware, distinct malware sample, high-quality malware signature, network-level malware, novel network-level behavioral malware, proposed clustering system, malware-compromised machine, proof-of-concept version, quality input, behavioral clustering, malicious network trace, signature generation