{"title":"网络恶意软件捕获","authors":"Christopher Jordan, Alice Chang, Kun Luo","doi":"10.1109/CATCH.2009.11","DOIUrl":null,"url":null,"abstract":"Botnets are a fundamental threat to network security. Their lifecycle follows a repeated pattern of growth via exploitation, infection and communication(command & control). Preventing botnet command & control requires runtime knowledge of communication attributes on a per bot basis. One approach to this is to evaluate the malware binary, but this approach is often significantly hampered by software obfuscation techniques designed to thwart binary analysis. Our research is focused on the collection and analysis of botnet growth patterns as they appear at the network level. This has the tangible result of capturing malware in a pristine state (though often packed). By intercepting the malware while it is transferred during infection prior to it reaching the target host, the captured malware cannot benefit from the complexity of obfuscation and dispersion, which occurs during installation on a target system.","PeriodicalId":130933,"journal":{"name":"2009 Cybersecurity Applications & Technology Conference for Homeland Security","volume":"68 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Network Malware Capture\",\"authors\":\"Christopher Jordan, Alice Chang, Kun Luo\",\"doi\":\"10.1109/CATCH.2009.11\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Botnets are a fundamental threat to network security. Their lifecycle follows a repeated pattern of growth via exploitation, infection and communication(command & control). Preventing botnet command & control requires runtime knowledge of communication attributes on a per bot basis. One approach to this is to evaluate the malware binary, but this approach is often significantly hampered by software obfuscation techniques designed to thwart binary analysis. Our research is focused on the collection and analysis of botnet growth patterns as they appear at the network level. This has the tangible result of capturing malware in a pristine state (though often packed). By intercepting the malware while it is transferred during infection prior to it reaching the target host, the captured malware cannot benefit from the complexity of obfuscation and dispersion, which occurs during installation on a target system.\",\"PeriodicalId\":130933,\"journal\":{\"name\":\"2009 Cybersecurity Applications & Technology Conference for Homeland Security\",\"volume\":\"68 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-03-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 Cybersecurity Applications & Technology Conference for Homeland Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CATCH.2009.11\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 Cybersecurity Applications & Technology Conference for Homeland Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CATCH.2009.11","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Botnets are a fundamental threat to network security. Their lifecycle follows a repeated pattern of growth via exploitation, infection and communication(command & control). Preventing botnet command & control requires runtime knowledge of communication attributes on a per bot basis. One approach to this is to evaluate the malware binary, but this approach is often significantly hampered by software obfuscation techniques designed to thwart binary analysis. Our research is focused on the collection and analysis of botnet growth patterns as they appear at the network level. This has the tangible result of capturing malware in a pristine state (though often packed). By intercepting the malware while it is transferred during infection prior to it reaching the target host, the captured malware cannot benefit from the complexity of obfuscation and dispersion, which occurs during installation on a target system.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
