Modelling the Network behaviour of Malware to Block Malicious Patterns. The Stratosphere Project: a Behavioural IPS

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F15%3A00237274" target="_blank" >RIV/68407700:21230/15:00237274 - isvavai.cz</a>

Výsledek na webu

<a href="https://www.virusbtn.com/conference/vb2015/abstracts/Garcia.xml" target="_blank" >https://www.virusbtn.com/conference/vb2015/abstracts/Garcia.xml</a>

DOI - Digital Object Identifier

—

Jazyk výsledku

angličtina

Název v původním jazyce

Modelling the Network behaviour of Malware to Block Malicious Patterns. The Stratosphere Project: a Behavioural IPS

Popis výsledku v původním jazyce

Current malware traffic detection solutions work mostly by using static fingerprints, whitelists and blacklists, and crowd-sourced threat intelligence analytics. These methods are useful for detecting known malware in real time, but are insufficient to detect unknown malicious trends and attacks. Our proposed complementary solution is to analyse the inherent patterns of malware actions in the network by means of machine learning algorithms. In particular, we use Markov Chains-based algorithms to find network patterns that are independent of static features, such as IP addresses or payloads. These patterns are used to build behavioural models of malware actions that are later used to detect similar traffic in the network. All these models and detectionalgorithms were used to create a free software intrusion prevention system, called Stratosphere IPS, which is thoroughly tested with normal and malicious traffic. The IPS is able to detect new network patterns that are similar to the know

Název v anglickém jazyce

Modelling the Network behaviour of Malware to Block Malicious Patterns. The Stratosphere Project: a Behavioural IPS

Popis výsledku anglicky

Current malware traffic detection solutions work mostly by using static fingerprints, whitelists and blacklists, and crowd-sourced threat intelligence analytics. These methods are useful for detecting known malware in real time, but are insufficient to detect unknown malicious trends and attacks. Our proposed complementary solution is to analyse the inherent patterns of malware actions in the network by means of machine learning algorithms. In particular, we use Markov Chains-based algorithms to find network patterns that are independent of static features, such as IP addresses or payloads. These patterns are used to build behavioural models of malware actions that are later used to detect similar traffic in the network. All these models and detectionalgorithms were used to create a free software intrusion prevention system, called Stratosphere IPS, which is thoroughly tested with normal and malicious traffic. The IPS is able to detect new network patterns that are similar to the know

Druh

O - Ostatní výsledky

CEP obor

JC - Počítačový hardware a software

OECD FORD obor

—

Projekt

—

Návaznosti

I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Rok uplatnění

2015

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů