Causality reasoning about network events for detecting stealthy malware activities
Document type: Journal article
Authors | Zhang, Hao (1); Yao, Danfeng (Daphne) (1); Ramakrishnan, Naren (1); Zhang, Zhibin (2)
Journal | COMPUTERS & SECURITY
Publication date | 2016-05-01
Volume | 58, pages 180-198
Keywords | Network security; Anomaly detection; Stealthy malware; Traffic analysis; Dependence analysis; Machine learning classification
ISSN | 0167-4048
DOI | 10.1016/j.cose.2016.01.002
Abstract (English) | Malicious software activities have become more and more clandestine, making them challenging to detect. Existing security solutions rely heavily on the recognition of known code or behavior signatures, which are incapable of detecting new malware patterns. We propose to discover the triggering relations on network requests and leverage the structural information to identify stealthy malware activities that cannot be attributed to a legitimate cause. The triggering relation is defined as the temporal and causal relationship between two events. We design and compare rule- and learning-based methods to infer the triggering relations on network data. We further introduce a user-intention based security policy for pinpointing stealthy malware activities based on a triggering relation graph. We extensively evaluate our solution on a DARPA dataset and 7 GB of real-world network traffic. Results indicate that our dependence analysis successfully detects various malware activities including spyware, data-exfiltrating malware, and DNS bots on hosts. With good scalability for large datasets, the learning-based method achieves better classification accuracy than the rule-based one. The significance of our traffic reasoning approach is its ability to detect new and stealthy malware activities. (C) 2016 The Authors. Published by Elsevier Ltd.
Funding | NSF [CAREER CNS-0953638]; NSF [ARO YIP W911NF-14-1-0535]; L-3 Communications
WOS research area | Computer Science
Language | English
WOS accession number | WOS:000372764600012
Publisher | ELSEVIER ADVANCED TECHNOLOGY
Source URL | http://119.78.100.204/handle/2XEOYT63/8416
Collection | Institute of Computing Technology, Chinese Academy of Sciences: journal papers (English)
Corresponding author | Yao, Danfeng (Daphne)
Author affiliations | 1. Virginia Tech, Dept Comp Sci, Blacksburg, VA USA; 2. Chinese Acad Sci, Inst Comp Technol, Beijing, Peoples R China
Recommended citation (GB/T 7714) | Zhang, Hao, Yao, Danfeng, Ramakrishnan, Naren, et al. Causality reasoning about network events for detecting stealthy malware activities [J]. COMPUTERS & SECURITY, 2016, 58: 180-198.
APA | Zhang, Hao, Yao, Danfeng, Ramakrishnan, Naren, & Zhang, Zhibin. (2016). Causality reasoning about network events for detecting stealthy malware activities. COMPUTERS & SECURITY, 58, 180-198.
MLA | Zhang, Hao, et al. "Causality reasoning about network events for detecting stealthy malware activities". COMPUTERS & SECURITY 58 (2016): 180-198.
Deposit method: OAI harvesting
Source: Institute of Computing Technology