Title :
Unsupervised detection of malware in persistent web traffic
Author :
Kohout, Jan ; Pevny, Tomas
Author_Institution :
Cisco Syst., Czech Tech. Univ. in Prague, Prague, Czech Republic
Abstract :
Persistent network communication can be found in many instances of malware. In this paper, we analyse the possibility of leveraging low variability of persistent malware communication for its detection. We propose a new method for capturing statistical fingerprints of connections and employ outlier detection to identify the malicious ones. Emphasis is put on using minimal information possible to make our method very lightweight and easy to deploy. Anomaly detection is commonly used in network security, yet to our best knowledge, there are not many works focusing on the persistent communication itself, without making further assumptions about its purpose.
Keywords :
Internet; computer network security; invasive software; telecommunication traffic; anomaly detection; network security; outlier detection; persistent malware communication; persistent network communication; persistent web traffic; statistical fingerprints; unsupervised detection; Companies; Detection algorithms; Detectors; Histograms; Joints; Malware; Servers; malware; outlier detection; persistent communication;
Conference_Titel :
Acoustics, Speech and Signal Processing (ICASSP), 2015 IEEE International Conference on
Conference_Location :
South Brisbane, QLD
DOI :
10.1109/ICASSP.2015.7178272
