SAC 2010, ACM

Botzilla: detecting the "phoning home" of malicious software

Hosts infected with malicious software, so-called malware, are ubiquitous in today's computer networks. The means by which malware can infiltrate a network are manifold and range from exploiting software vulnerabilities to tricking a user into executing malicious code. Monitoring and detecting all possible infection vectors is intractable in practice. Hence, we approach the problem of detecting malicious software at a later point, when it initiates contact with its maintainer, a process referred to as "phoning home". In particular, we introduce Botzilla, a method for detecting malware communication, which proceeds by repeatedly recording the network traffic of a malware sample in a controlled environment and generating network signatures from the content patterns that remain invariant across recordings. Experiments conducted at a large university network demonstrate the ability of Botzilla to accurately identify malware communication in network traffic with very low false-positive rates. Categories and Subject Desc...
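The abstract describes the core idea in one sentence: record the same sample's "phoning home" traffic several times, keep only the content that never changes, and turn it into a network signature. The following is an added illustrative example, not code from the Botzilla paper or its authors, and it does not reproduce the paper's signature generation; it approximates the idea with a simple greedy matching-block intersection. All captures, the hostnames, the path and the X-Bot header are constructed for the demo.

```python
"""Network-signature generation from invariant content in repeated captures.

Added example, not code from the Botzilla paper or its authors. It
approximates the idea the abstract describes: run the same malware sample
several times in a sandbox, keep only the bytes that are identical across
every "phoning home" request, and turn those ordered invariant segments
into a signature. The captures, hostnames, paths and header names below
are constructed for the demo; nothing here is a real C&C protocol.
"""
import re
from difflib import SequenceMatcher

# Constructed captures of one hypothetical bot across three sandbox runs.
# The bot identifier and the timestamp differ per run; the rest repeats.
MALWARE_RUNS = [
    (b"GET /cgi/upd.php?id=8f3a1c&ver=2.1&ts=1273999510 HTTP/1.1\r\n"
     b"Host: cc.example.invalid\r\n"
     b"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)\r\n"
     b"X-Bot: 8f3a1c\r\n\r\n"),
    (b"GET /cgi/upd.php?id=c07d9e&ver=2.1&ts=1274003021 HTTP/1.1\r\n"
     b"Host: cc.example.invalid\r\n"
     b"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)\r\n"
     b"X-Bot: c07d9e\r\n\r\n"),
    (b"GET /cgi/upd.php?id=1b44ef&ver=2.1&ts=1274011800 HTTP/1.1\r\n"
     b"Host: cc.example.invalid\r\n"
     b"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)\r\n"
     b"X-Bot: 1b44ef\r\n\r\n"),
]

# Constructed traffic to scan: one unseen run of the same bot plus benign
# requests, including a near-miss that shares the path and parameter names.
TRAFFIC = [
    (b"GET /cgi/upd.php?id=99aa01&ver=2.1&ts=1274100000 HTTP/1.1\r\n"
     b"Host: cc.example.invalid\r\n"
     b"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)\r\n"
     b"X-Bot: 99aa01\r\n\r\n"),
    (b"GET /index.html HTTP/1.1\r\n"
     b"Host: www.example.invalid\r\n"
     b"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)\r\n\r\n"),
    # A legitimate updater that looks similar but talks to another host and
    # sends no X-Bot header must not trigger the signature.
    (b"GET /cgi/upd.php?id=42&ver=2.1&ts=1274100500 HTTP/1.1\r\n"
     b"Host: updates.example.invalid\r\n"
     b"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)\r\n\r\n"),
]


def invariant_segments(samples, min_len=4):
    """Return the ordered byte segments that occur in every sample.

    The first capture serves as template. Each further capture is matched
    against the current segments and only the matching blocks survive, so
    after the loop every remaining segment is present in all samples.
    Blocks shorter than min_len are dropped: they are usually coincidental
    (a shared digit inside a timestamp) rather than protocol structure.
    """
    segments = [samples[0]]
    for other in samples[1:]:
        refined = []
        for seg in segments:
            matcher = SequenceMatcher(None, seg, other, autojunk=False)
            for i, _j, size in matcher.get_matching_blocks():
                if size >= min_len:
                    refined.append(seg[i:i + size])
        segments = refined
    return segments


def build_signature(samples, min_len=4):
    """Compile the invariant segments into a regex: literal segments joined
    by non-greedy wildcards that absorb the variable fields in between."""
    segments = invariant_segments(samples, min_len)
    if not segments:
        raise ValueError("no invariant content across samples")
    pattern = b".*?".join(re.escape(seg) for seg in segments)
    return re.compile(pattern, re.DOTALL)


def scan(signature, flows):
    """Return the indices of flows whose payload matches the signature."""
    return [n for n, payload in enumerate(flows) if signature.search(payload)]


if __name__ == "__main__":
    sig = build_signature(MALWARE_RUNS)
    for seg in invariant_segments(MALWARE_RUNS):
        print("invariant:", seg)
    print("signature:", sig.pattern)
    print("matching flows:", scan(sig, TRAFFIC))
```

Two things the toy run makes visible. The near-miss request is rejected only because the signature keeps the surrounding context (Host and X-Bot header) rather than the path alone, which is what lets a content signature stay specific. And the three constructed runs were recorded minutes apart, so the shared timestamp prefix "ts=127" survives as "invariant" content; a signature built that way silently expires once the clock moves on, which is why recordings should be spread over time or the signature inspected for fields that only look constant.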
Added 17 May 2010
Updated 17 May 2010
Type Conference
Year 2010
Where SAC
Authors Konrad Rieck, Guido Schwenk, Tobias Limmer, Thorsten Holz, Pavel Laskov