Malware detection using HTTP user-agent discrepancy identification

The result's identifiers

  • Result code in IS VaVaI

    RIV/68407700:21230/14:00233470 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F14%3A00233470)

  • Result on the web

    http://dx.doi.org/10.1109/WIFS.2014.7084331

  • DOI - Digital Object Identifier

    10.1109/WIFS.2014.7084331 (http://dx.doi.org/10.1109/WIFS.2014.7084331)

Alternative languages

  • Result language

    English

  • Original language name

    Malware detection using HTTP user-agent discrepancy identification

  • Original language description

    Botnet detection systems that use the Network Behavioral Analysis (NBA) principle struggle with performance and privacy issues on large-scale networks. Because of that, many researchers focus on fast and simple bot detection methods that at the same time use as little information as possible to avoid privacy violations. Next, deep inspections, reverse engineering, clustering and other time-consuming approaches are typically unfeasible in large-scale networks. In this paper we present a novel technique that uses the User-Agent field contained in the HTTP header, which can be easily obtained from the web proxy logs, to identify malware that uses User-Agents discrepant with the ones actually used by the infected user. We are using statistical information about the usage of the User-Agent of each user together with the usage of a particular User-Agent across the whole analyzed network and typically visited domains. Using those statistics we can identify anomalies, which we proved to be caused by malw

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

    JC - Computer hardware and software

  • OECD FORD branch

Result continuities

  • Project

  • Continuities

    I - Institutional support for the long-term conceptual development of a research organization

Others

  • Publication year

    2014

  • Confidentiality

    S - Complete and truthful data on the project are not subject to protection under special legal regulations

Data specific for result type

  • Article name in the collection

    2014 IEEE International Workshop on Information Forensics and Security (WIFS)

  • ISBN

    978-1-4799-8882-2

  • ISSN

  • e-ISSN

  • Number of pages

    6

  • Pages from-to

    221-226

  • Publisher name

    IEEE

  • Place of publication

    Piscataway

  • Event location

    Atlanta

  • Event date

    Dec 3, 2014

  • Type of event by nationality

    WRD - Worldwide event

  • UT code for WoS article