Malware traffic detection using tamper resistant features
Abstract
This paper presents a framework for evaluating the transport layer feature space of malware heartbeat traffic. We utilize these features in a prototype detection system to distinguish malware traffic from traffic generated by legitimate applications. In contrast to previous work, we eliminate features at risk of producing overly optimistic detection results, detect previously unobserved anomalous behavior, and rely only on tamper-resistant features making it difficult for sophisticated malware to avoid detection. Further, we characterize the evolution of malware evasion techniques over time by examining the behavior of 16 malware families. In particular, we highlight the difficultly of detecting malware that use traffic-shaping techniques to mimic legitimate traffic.
Metrics
Citation History
Topics
Related Documents
Encrypted Malware Traffic Detection Using TLS Features and Random Forest
A mobile malware detection method using behavior features in network traffic
Shanshan WangZhenxiang ChenQiben YanBo YangLizhi PengZhongtian Jia
Minimizing Network Traffic Features for Android Mobile Malware Detection
Anshul AroraSateesh K. Peddoju
Malware detection using opcodes statistical features
Saeid RezaeiAli AfrazFereidoon RezaeiMohammad Reza Shamani
Runtime Malware Detection using hardware features
S SanjithE. SivaramanPrasad B. Honnavalli