Abstract | ||
---|---|---|
Dynamic analysis of malware is widely used to obtain a better understanding of unknown software. While existing systems mainly focus on host-level activities of malware and limit the analysis period to a few minutes, we concentrate on the network behavior of malware over longer periods. We provide a comprehensive overview of typical malware network behavior by discussing the results that we obtained during the analysis of more than 100,000 malware samples. The resulting network behavior was dissected in our new analysis environment called Sandnet that complements existing systems by focusing on network traffic analysis. Our in-depth analysis of the two protocols that are most popular among malware authors, DNS and HTTP, helps to understand and characterize the usage of these prevalent protocols. |
Year | DOI | Venue |
---|---|---|
2011 | 10.1145/1978672.1978682 | BADGERS@EuroSys |
Keywords | Field | DocType |
malware author,new analysis environment,network traffic analysis,analysis period,dynamic analysis,resulting network behavior,typical malware network behavior,network behavior,in-depth analysis,malicious software,malware sample,spam | Traffic analysis,Computer science,Computer security,Internet measurement,Software,Malware,Network behavior | Conference |
Citations | PageRank | References |
42 | 2.27 | 9 |
Authors | ||
7 |
Name | Order | Citations | PageRank |
---|---|---|---|
Christian Rossow | 1 | 786 | 49.71 |
Christian J. Dietrich | 2 | 253 | 16.63 |
Herbert Bos | 3 | 2127 | 122.81 |
Lorenzo Cavallaro | 4 | 886 | 52.85 |
Maarten van Steen | 5 | 2808 | 233.34 |
Felix C. Freiling | 6 | 1415 | 137.30 |
Norbert Pohlmann | 7 | 250 | 49.03 |