Behavioral Clustering of HTTP-Based Malware and Signature Generation Using Malicious Network Traces

by Roberto Perdisci, Wenke Lee, Nick Feamster

BibTeX

@MISC{A_behavioralclustering,
    author = {Roberto Perdisci and Wenke Lee and Nick Feamster},
    title = {Behavioral Clustering of HTTP-Based Malware and Signature Generation Using Malicious Network Traces},
    year = {}
}


Abstract

We present a novel network-level behavioral malware clustering system. We focus on analyzing the structural similarities among malicious HTTP traffic traces generated by executing HTTP-based malware. Our work is motivated by the need to provide quality input to algorithms that automatically generate network signatures. Accordingly, we define similarity metrics among HTTP traces and develop our system so that the resulting clusters can yield high-quality malware signatures. We implemented a proof-of-concept version of our network-level malware clustering system and performed experiments with more than 25,000 distinct malware samples. Results from our evaluation, which includes real-world deployment, confirm the effectiveness of the proposed clustering system and show that our approach can aid the process of automatically extracting network signatures for detecting HTTP traffic generated by malware-compromised machines.

Keyphrases

http-based malware    behavioral clustering    novel network-level behavioral malware    http trace    proof-of-concept version    high-quality malware signature    network signature    similarity metric    malware-compromised machine    clustering system    distinct malware sample    generate network signature    quality input    real-world deployment    http traffic    malicious http traffic trace    network-level malware    structural similarity   
