Title :
Network Malware Capture
Author :
Jordan, Christopher ; Chang, Alice ; Luo, Kun
Abstract :
Botnets are a fundamental threat to network security. Their lifecycle follows a repeated pattern of growth via exploitation, infection and communication (command & control). Preventing botnet command & control requires runtime knowledge of communication attributes on a per-bot basis. One approach to this is to evaluate the malware binary, but this approach is often significantly hampered by software obfuscation techniques designed to thwart binary analysis. Our research is focused on the collection and analysis of botnet growth patterns as they appear at the network level. This has the tangible result of capturing malware in a pristine state (though often packed). By intercepting the malware while it is transferred during infection, prior to it reaching the target host, the captured malware cannot benefit from the complexity of obfuscation and dispersion that occurs during installation on a target system.
Keywords :
security of data; systems analysis; Botnets; binary analysis; malware binary; network malware; network security; software obfuscation techniques; Communication system control; Computer security; National security; Operating systems; Pattern analysis; Protocols; Relays; Runtime; Software design; Terrorism; Botnet; detection; mitigation;
Conference_Title :
Conference For Homeland Security, 2009. CATCH '09. Cybersecurity Applications & Technology
Conference_Location :
Washington, DC
Print_ISBN :
978-0-7695-3568-5
DOI :
10.1109/CATCH.2009.11