| Abstract |
|---|
| Botnets, networks of compromised machines under the control of a single malicious entity, are a serious threat to online security. The fact that botnets, by definition, receive their commands from a single entity can be leveraged to fight them. This requires techniques that can detect command and control (C&C) traffic, as well as the servers that host C&C services. Once a C&C server's IP address is known, it can be used to detect every host that attempts to contact that server, and the infected machines can then be disinfected, disabled, or blocked. The same information can be used by law enforcement to take down the C&C server. In this paper, we present a new botnet C&C signature extraction approach that finds C&C communication in the traffic generated by executing malware samples in a dynamic analysis system. The approach works in two steps. First, we extract all frequent strings seen in the network traffic. Second, we apply a function that assigns a score to each string; the score represents the likelihood that the string is indicative of C&C traffic. This function lets us rank the strings and focus on those that are likely to make good C&C signatures. We apply our technique to almost 2.6 million network connections produced by running more than 1.4 million malware samples. Using it, we automatically extracted a set of signatures that identify C&C traffic, and we compared these signatures with those used by existing tools such as Snort and BotHunter. |

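
The two-step approach described in the abstract, as an added example that is not the paper's code: step 1 extracts strings that recur across the traffic of many malware samples, step 2 scores and ranks them. The HTTP payloads below are constructed, and the scoring function is an assumption for illustration (the fraction of malware samples carrying the string minus the fraction of benign connections carrying it); the paper's own scoring function is not given on this page. A ranked candidate is converted back into a substring signature so it can be applied to raw traffic.

```python
"""Frequent-string extraction and ranking for C&C signature candidates.

Added example, not the paper's code. Traffic is constructed; the scoring
function is an assumption, not the one used in the paper.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Runs of URL/header-safe characters; separators such as / ? = & : and
# whitespace are dropped so that variable values (id=1034) do not glue
# themselves to the constant parts of a request (gate.php, id).
TOKEN_RE = re.compile(r"[A-Za-z0-9_.-]+")

# Constructed traffic: (sample_id, payload). Not real captures.
MALWARE_TRAFFIC = [
    ("s1", "GET /gate.php?id=1034&ver=7 HTTP/1.1\r\nHost: 203.0.113.5\r\nUser-Agent: Mozilla/4.0\r\n\r\n"),
    ("s2", "GET /gate.php?id=2290&ver=7 HTTP/1.1\r\nHost: 203.0.113.5\r\nUser-Agent: Mozilla/4.0\r\n\r\n"),
    ("s3", "GET /gate.php?id=8812&ver=8 HTTP/1.1\r\nHost: 198.51.100.9\r\nUser-Agent: Mozilla/5.0\r\n\r\n"),
    ("s4", "POST /panel/upd.php HTTP/1.1\r\nHost: 198.51.100.20\r\nX-Bot: a9f3\r\nUser-Agent: Mozilla/5.0\r\n\r\n"),
    ("s5", "POST /panel/upd.php HTTP/1.1\r\nHost: 198.51.100.20\r\nX-Bot: 77c1\r\nUser-Agent: Mozilla/5.0\r\n\r\n"),
    ("s6", "GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: Mozilla/5.0\r\n\r\n"),
]
# Constructed benign connections used to penalize generic HTTP strings.
BENIGN_TRAFFIC = [
    ("b1", "GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: Mozilla/5.0\r\n\r\n"),
    ("b2", "GET /news/today HTTP/1.1\r\nHost: www.example.org\r\nUser-Agent: Mozilla/5.0\r\n\r\n"),
    ("b3", "POST /login HTTP/1.1\r\nHost: www.example.net\r\nUser-Agent: Mozilla/5.0\r\n\r\n"),
]


def strings_in(payload: str, max_len: int = 3) -> set:
    """Candidate strings: runs of 1..max_len consecutive tokens, space-joined."""
    toks = TOKEN_RE.findall(payload)
    out = set()
    for n in range(1, max_len + 1):
        for i in range(len(toks) - n + 1):
            out.add(" ".join(toks[i:i + n]))
    return out


def support(traffic: List[Tuple[str, str]]) -> Dict[str, int]:
    """Number of distinct samples whose traffic contains each string."""
    seen = defaultdict(set)
    for sample_id, payload in traffic:
        for s in strings_in(payload):
            seen[s].add(sample_id)
    return {s: len(ids) for s, ids in seen.items()}


def frequent_strings(traffic: List[Tuple[str, str]], min_support: int) -> Dict[str, int]:
    """Step 1: keep only strings seen in at least min_support distinct samples."""
    return {s: c for s, c in support(traffic).items() if c >= min_support}


def score(mal_support: int, n_mal: int, ben_support: int, n_ben: int) -> float:
    """Step 2, ASSUMED scoring: malware-sample fraction minus benign fraction,
    floored at 0. Strings present in all HTTP traffic ('HTTP 1.1 Host') get 0."""
    return max(0.0, mal_support / n_mal - ben_support / n_ben)


def rank_candidates(malware, benign, min_support: int = 2) -> List[Tuple[str, float]]:
    """Rank frequent strings by score; ties go to longer (more specific) strings."""
    n_mal = len({sid for sid, _ in malware})
    n_ben = len({sid for sid, _ in benign})
    ben = support(benign)
    ranked = []
    for s, c in frequent_strings(malware, min_support).items():
        sc = score(c, n_mal, ben.get(s, 0), n_ben)
        if sc > 0:
            ranked.append((s, sc))
    ranked.sort(key=lambda t: (-t[1], -len(t[0]), t[0]))
    return ranked


def to_regex(candidate: str) -> "re.Pattern":
    """Turn a space-joined token string back into a substring signature that
    tolerates whatever separators (/ ? = : whitespace) sat between the tokens."""
    return re.compile(r"[^A-Za-z0-9_.-]+".join(re.escape(t) for t in candidate.split(" ")))


def matches(candidate: str, payload: str) -> bool:
    """Apply a candidate signature to a raw payload."""
    return to_regex(candidate).search(payload) is not None


if __name__ == "__main__":
    for s, sc in rank_candidates(MALWARE_TRAFFIC, BENIGN_TRAFFIC)[:5]:
        print(f"{sc:.2f}  {s!r}")
```

On this constructed data the top candidate is `GET gate.php id` (present in 3 of 6 samples, absent from benign traffic), while strings shared by all HTTP traffic such as `HTTP 1.1 Host` score 0 and are dropped. With real traffic the support threshold, the token alphabet, and the scoring function would all need tuning; the point is the pipeline shape, not these particular values.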
Year | DOI | Venue |
---|---|---|
2014 | 10.1145/2554850.2554896 | SAC |

Keywords | Field | DocType
---|---|---
invasive software, security, group signature, secure channel | Secure channel, IP address, Online security, Botnet, Computer security, Computer science, Command and control, Server, Computer network, Group signature, Malware | Conference

Citations | PageRank | References
---|---|---
12 | 0.70 | 25

Authors |
---|
4 |

Name | Order | Citations | PageRank
---|---|---|---
Ali Zand | 1 | 102 | 7.86
Giovanni Vigna | 2 | 7121 | 507.72
Xifeng Yan | 3 | 6633 | 280.06
Christopher Kruegel | 4 | 8799 | 516.05