
Proceedings Paper

Identifying compromised systems through correlation of suspicious traffic from malware behavioral analysis
Author(s): Ana E. F. Camilo; André Grégio; Rafael D. C. Santos

Paper Abstract

Malware may be detected by analysing its infection behaviour. To do so, dynamic analysis systems run malware samples and record their operating system activity and network traffic. This traffic may show malware contacting external systems, either to exfiltrate sensitive data from victims or to fetch further malicious artifacts (configuration files, additional modules, commands). In this work, we propose visualization as a tool for identifying compromised systems: malware communications are correlated in the form of graphs, and isomorphisms are sought between those graphs. We produced graphs from over 6,000 distinct network traffic files captured during malware execution and analysed the relationships that exist among malware samples and IP addresses.
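The abstract describes the core idea only in outline: sandbox traffic becomes a graph whose nodes are malware samples and the IP addresses they contacted, clusters of samples sharing infrastructure are read off that graph, and structurally equivalent (isomorphic) clusters are matched. The following Python is an added illustration of that idea and is not the authors' code or data; the flow records, sample identifiers and host names are constructed, using TEST-NET addresses rather than real infrastructure, and the brute-force isomorphism check is an assumption suited to the small clusters shown here, not the method the paper uses.

```python
"""Added illustration: correlating sandbox network traffic as a sample/IP graph.

Not the paper's code. All records below are constructed by hand.
"""
from collections import defaultdict
from itertools import permutations

# Constructed sandbox records: (sample_id, destination_ip) pairs extracted from
# traffic captured while each sample ran. Addresses are from the TEST-NET ranges.
SANDBOX_FLOWS = [
    ("sample_A", "203.0.113.10"), ("sample_A", "203.0.113.11"),
    ("sample_B", "203.0.113.10"), ("sample_B", "198.51.100.7"),
    ("sample_C", "203.0.113.11"), ("sample_C", "203.0.113.10"),
    ("sample_D", "192.0.2.55"),   ("sample_D", "192.0.2.56"),
    ("sample_E", "192.0.2.55"),   ("sample_E", "192.0.2.57"),
    ("sample_F", "192.0.2.56"),   ("sample_F", "192.0.2.55"),
]

# Constructed flows observed on production hosts: (host, destination_ip).
HOST_FLOWS = [
    ("ws-17", "203.0.113.10"), ("ws-17", "10.0.0.5"),
    ("ws-23", "198.51.100.99"),
]


def build_graph(flows):
    """Bipartite graph: each edge links a sample to an IP address it contacted."""
    adj = defaultdict(set)
    for sample, ip in flows:
        adj[sample].add(ip)
        adj[ip].add(sample)
    return dict(adj)


def components(adj):
    """Connected components: samples joined by shared infrastructure."""
    seen, comps = set(), []
    for start in adj:
        if start in seen:
            continue
        stack, comp = [start], set()
        while stack:
            node = stack.pop()
            if node in comp:
                continue
            comp.add(node)
            stack.extend(adj[node])
        seen |= comp
        comps.append(frozenset(comp))
    return comps


def is_sample(node):
    return node.startswith("sample_")


def isomorphic(adj, comp1, comp2):
    """Brute-force isomorphism test between two components, mapping samples to
    samples and IPs to IPs. Exponential in cluster size; fine for this example."""
    s1 = sorted(n for n in comp1 if is_sample(n))
    s2 = sorted(n for n in comp2 if is_sample(n))
    i1 = sorted(n for n in comp1 if not is_sample(n))
    i2 = sorted(n for n in comp2 if not is_sample(n))
    if len(s1) != len(s2) or len(i1) != len(i2):
        return False
    for ps in permutations(s2):
        mapping = dict(zip(s1, ps))
        for pi in permutations(i2):
            mapping.update(zip(i1, pi))
            # Every edge of comp1 must map onto an edge of comp2.
            if all({mapping[v] for v in adj[u]} == adj[mapping[u]] for u in comp1):
                return True
    return False


def match_hosts(adj, host_flows):
    """For each host, the sandbox samples that contacted the same destination."""
    hits = {}
    for host, ip in host_flows:
        hits.setdefault(host, set()).update(adj.get(ip, ()))
    return {host: sorted(samples) for host, samples in hits.items()}


if __name__ == "__main__":
    graph = build_graph(SANDBOX_FLOWS)
    clusters = components(graph)
    for c in clusters:
        print("cluster:", sorted(c))
    print("isomorphic clusters:", isomorphic(graph, clusters[0], clusters[1]))
    print("host matches:", match_hosts(graph, HOST_FLOWS))
```

Two clusters emerge from the constructed data; they contain different samples and addresses but have identical shape (one address contacted by all three samples, one by two, one by a single sample), so the isomorphism test reports them as structurally equivalent, which is the kind of correspondence the abstract proposes surfacing visually. The host lookup then ties a production host that contacted a known sandbox destination back to the samples that used it.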

Paper Details

Date Published: 12 May 2016
PDF: 10 pages
Proc. SPIE 9826, Cyber Sensing 2016, 982606 (12 May 2016); doi: 10.1117/12.2223968
Ana E. F. Camilo, Instituto Nacional de Pesquisas Espaciais (Brazil)
André Grégio, Ctr. de Tecnologia da Informacao Renato Archer (Brazil)
Rafael D. C. Santos, Instituto Nacional de Pesquisas Espaciais (Brazil)

Published in SPIE Proceedings Vol. 9826:
Cyber Sensing 2016
Igor V. Ternovskiy; Peter Chin, Editor(s)

© SPIE.