Abstract
Almost any malware attack involves data communication between the infected host and the attacker host/server allowing the latter to remotely control the infected host. The remote control is achieved through opening different types of sessions such as remote desktop, webcam video streaming, file transfer, etc. In this paper, we present a traffic analysis based malware detection technique using Hidden Markov Model (HMM). The main contribution is that the proposed system does not only detect malware infections but also identifies with precision the type of malicious session opened by the attacker. The empirical analysis shows that the proposed detection system has a stable identification precision of 90% and that it allows to identify between 40% and 75% of all malicious sessions in typical network traffic.
| Original language | English |
|---|---|
| Title of host publication | Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST |
| Publisher | Springer Verlag |
| Pages | 623-631 |
| Number of pages | 9 |
| DOIs | |
| State | Published - 2015 |
Publication series
| Name | Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST |
|---|---|
| Volume | 152 |
| ISSN (Print) | 1867-8211 |
Bibliographical note
Publisher Copyright:© Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2015.
Keywords
- HiddenMarkovModel (HMM)
- Malicious sessions
- Malware detection
- Traffic analysis
ASJC Scopus subject areas
- Computer Networks and Communications