Malware detection using HTTP user-agent discrepancy identification

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F14%3A00233470" target="_blank" >RIV/68407700:21230/14:00233470 - isvavai.cz</a>

Výsledek na webu

<a href="http://dx.doi.org/10.1109/WIFS.2014.7084331" target="_blank" >http://dx.doi.org/10.1109/WIFS.2014.7084331</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1109/WIFS.2014.7084331" target="_blank" >10.1109/WIFS.2014.7084331</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Malware detection using HTTP user-agent discrepancy identification

Popis výsledku v původním jazyce

Botnet detection systems that use Network Behavioral Analysis (NBA) principle struggle with performance and privacy issues on large-scale networks. Because of that many researchers focus on fast and simple bot detection methods that at the same time useas little information as possible to avoid privacy violations. Next, deep inspections, reverse engineering, clustering and other time consuming approaches are typically unfeasible in large-scale networks. In this paper we present a novel technique that uses User- Agent field contained in the HTTP header, that can be easily obtained from the web proxy logs, to identify malware that uses User-Agents discrepant with the ones actually used by the infected user. We are using statistical information about theusage of the User-Agent of each user together with the usage of particular User-Agent across the whole analyzed network and typically visited domains. Using those statistics we can identify anomalies, which we proved to be caused by malw

Název v anglickém jazyce

Malware detection using HTTP user-agent discrepancy identification

Popis výsledku anglicky

Botnet detection systems that use Network Behavioral Analysis (NBA) principle struggle with performance and privacy issues on large-scale networks. Because of that many researchers focus on fast and simple bot detection methods that at the same time useas little information as possible to avoid privacy violations. Next, deep inspections, reverse engineering, clustering and other time consuming approaches are typically unfeasible in large-scale networks. In this paper we present a novel technique that uses User- Agent field contained in the HTTP header, that can be easily obtained from the web proxy logs, to identify malware that uses User-Agents discrepant with the ones actually used by the infected user. We are using statistical information about theusage of the User-Agent of each user together with the usage of particular User-Agent across the whole analyzed network and typically visited domains. Using those statistics we can identify anomalies, which we proved to be caused by malw

Druh

D - Stať ve sborníku

CEP obor

JC - Počítačový hardware a software

OECD FORD obor

—

Projekt

—

Návaznosti

I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Rok uplatnění

2014

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

2014 IEEE International W orkshop on Information Forensics and Security (WIFS)

ISBN

978-1-4799-8882-2

ISSN

—

e-ISSN

—

Počet stran výsledku

6

Strana od-do

221-226

Název nakladatele

IEEE

Místo vydání

Piscataway

Místo konání akce

Atlanta

Datum konání akce

3. 12. 2014

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—