Inferring Malware Family through Application Protocol Sequences Signature

Title: Inferring Malware Family through Application Protocol Sequences Signature
Publication Type: Conference Paper
Year of Publication: 2014
Authors: Boukhtouta, A., Lakhdari, N.-E., Debbabi, M.
Conference Name: New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on
Date Published: March
Keywords: application protocol sequences signature, computer network security, cryptography, cyber-threats, Databases, Engines, Feeds, invasive software, learning (artificial intelligence), machine learning algorithm, malicious packets detection, Malware, malware automatic dynamic analysis, malware traffic detection, network traffic, Protocols
Abstract

The dazzling emergence of cyber-threats exerts pressure on today's cyberspace, which needs practical and efficient capabilities for malware traffic detection. In this paper, we propose an extension to an initial research effort, namely, towards fingerprinting malicious traffic by putting an emphasis on the attribution of maliciousness to malware families. The proposed technique in the previous work establishes a synergy between automatic dynamic analysis of malware and machine learning to fingerprint badness in network traffic. Machine learning algorithms are used with features that exploit only high-level properties of traffic packets (e.g. packet headers). Besides the detection of malicious packets, we want to enhance fingerprinting capability with the identification of malware families responsible for the generation of malicious packets. The identification of the underlying malware family is derived from a sequence of application protocols, which is used as a signature for the family in question. Furthermore, our results show that our technique achieves a promising malware family identification rate with low false positives.
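The abstract describes the family signature as the ordered sequence of application protocols a sample emits during dynamic analysis. The following Python is an added illustration of that matching step and is not code from the paper or its authors. It assumes a port-based mapping from packets to application protocols (a stand-in for whatever protocol identification the authors used), constructed per-family signatures (FamilyA, FamilyB, FamilyC are hypothetical), and greedy ordered-subsequence matching with a full-match threshold; the machine-learning stage over packet-header features that the paper pairs this with is not shown.

```python
"""Added illustration: attributing a malware family from an application-protocol sequence."""
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

# Assumption: application protocol is inferred from transport and well-known destination port.
# A real deployment would use a protocol-identification engine rather than a port table.
PORT_TO_APP = {
    ("udp", 53): "DNS",
    ("tcp", 80): "HTTP",
    ("tcp", 443): "HTTPS",
    ("tcp", 6667): "IRC",
    ("tcp", 25): "SMTP",
    ("udp", 123): "NTP",
}

# Hypothetical per-family signatures, constructed for this example (not from the paper):
# each is the ordered sequence of application protocols a family's samples were
# observed to use during sandboxed execution.
FAMILY_SIGNATURES = {
    "FamilyA": ("DNS", "HTTP", "IRC"),
    "FamilyB": ("DNS", "HTTPS", "SMTP"),
    "FamilyC": ("NTP", "DNS", "HTTP"),
}


@dataclass(frozen=True)
class Packet:
    transport: str  # "tcp" or "udp"
    dst_port: int


def app_protocol(pkt: Packet) -> Optional[str]:
    """Map a packet to its application protocol, or None if unrecognised."""
    return PORT_TO_APP.get((pkt.transport, pkt.dst_port))


def protocol_sequence(packets: Iterable[Packet]) -> Tuple[str, ...]:
    """Collapse one host's packet stream into its application-protocol sequence.

    Consecutive repeats are merged so retries and multi-packet sessions do not
    change the signature; packets with an unrecognised protocol are skipped.
    """
    seq = []
    for pkt in packets:
        app = app_protocol(pkt)
        if app is None:
            continue
        if not seq or seq[-1] != app:
            seq.append(app)
    return tuple(seq)


def ordered_match_fraction(signature: Tuple[str, ...], observed: Tuple[str, ...]) -> float:
    """Fraction of the signature found, in order, as a subsequence of the observed sequence."""
    matched = 0
    for app in observed:
        if matched < len(signature) and app == signature[matched]:
            matched += 1
    return matched / len(signature)


def attribute_family(observed, signatures=FAMILY_SIGNATURES, threshold=1.0):
    """Return (family, score) for the best-matching signature, or (None, best_score)
    when nothing clears the threshold. Requiring the complete signature (threshold 1.0)
    keeps partial overlaps with ordinary traffic (e.g. DNS then HTTPS) from being attributed."""
    best_family, best_score, best_len = None, 0.0, 0
    for family, sig in signatures.items():
        score = ordered_match_fraction(sig, observed)
        if (score, len(sig)) > (best_score, best_len):  # prefer longer signatures on ties
            best_family, best_score, best_len = family, score, len(sig)
    if best_score >= threshold:
        return best_family, best_score
    return None, best_score


# Constructed packet streams for three sandboxed hosts (illustrative only).
HOST_A = [Packet("udp", 53), Packet("udp", 53), Packet("tcp", 80),
          Packet("tcp", 80), Packet("tcp", 6667)]
HOST_B = [Packet("udp", 53), Packet("tcp", 443), Packet("tcp", 8080), Packet("tcp", 443)]
HOST_C = [Packet("udp", 123), Packet("udp", 53), Packet("tcp", 80),
          Packet("udp", 53), Packet("tcp", 80)]

if __name__ == "__main__":
    for name, pkts in (("host_a", HOST_A), ("host_b", HOST_B), ("host_c", HOST_C)):
        seq = protocol_sequence(pkts)
        print(name, seq, attribute_family(seq))
```

HOST_B shows the false-positive control the abstract cares about: DNS followed by HTTPS matches two thirds of FamilyB's signature, which is also what a browser produces, so with the full-match threshold it stays unattributed instead of being labelled FamilyB.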

URL: https://ieeexplore.ieee.org/document/6814026
DOI: 10.1109/NTMS.2014.6814026
Citation Key: 6814026