On the reliability of network measurement techniques used for malware traffic analysis

Joseph Gardiner, Shishir Nagaraja

Research output: Chapter in Book/Report/Conference proceedingChapter

3 Citations (Scopus)

Abstract

Malware attacks are increasingly popular attack vectors in online crime. As trends and anecdotal evidence show, preventing these attacks, regardless of their opportunistic or targeted nature, has proven difficult: intrusions happen and devices get compromised, even at securityconscious organisations. As a consequence, an alternative line of work has focused on detecting and disrupting the individual steps that follow an initial compromise and that are essential for the successful progression of the attack. In particular, a number of approaches and techniques have been proposed to identify the Command & Control (C2) channel that a compromised system establishes to communicate with its controller. The success of C2 detection approaches depends on collecting relevant network traffic. As traffic volumes increase this is proving increasingly difficult. In this paper, we analyse current approaches of ISP-scale network measurement from the perspective of C2 detection. We discuss a number of weaknesses that affect current techniques and provide suggestions for their improvement.

Original languageEnglish
Title of host publicationSecurity Protocols XXII - 22nd International Workshop, Revised Selected Papers
EditorsFrank Stajano, Vashek Matyáš, Petr Švenda, Jonathan Anderson, Bruce Christianson, James Malcolm
Place of PublicationCham
PublisherSpringer-Verlag
Pages321-333
Number of pages13
Volume8809
ISBN (Print)9783319123998
DOIs
Publication statusPublished - 1 Jan 2014

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume8809
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Keywords

  • uniform sampling
  • proportional fairness
  • flow size
  • flooding attack
  • traffic trace
  • computer crime
  • reliability analysis
  • network security
  • packet sampling
  • traffic analysis
  • malware traffic analysis

Fingerprint Dive into the research topics of 'On the reliability of network measurement techniques used for malware traffic analysis'. Together they form a unique fingerprint.

  • Cite this

    Gardiner, J., & Nagaraja, S. (2014). On the reliability of network measurement techniques used for malware traffic analysis. In F. Stajano, V. Matyáš, P. Švenda, J. Anderson, B. Christianson, & J. Malcolm (Eds.), Security Protocols XXII - 22nd International Workshop, Revised Selected Papers (Vol. 8809, pp. 321-333). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8809). Cham: Springer-Verlag. https://doi.org/10.1007/978-3-319-12400-1_31