Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Botzilla: Detecting the "phoning home" of malicious software

: Rieck, K.; Schwenk, G.; Limmer, T.; Holz, T.; Laskov, P.


Proceedings of the 25th Annual ACM Symposium on Applied Computing 2010. CD-ROM : Sierre, Switzerland, March 22 - 26, 2010
New York: ACM, 2010
ISBN: 978-1-605-58638-0
Annual ACM Symposium on Applied Computing <25, 2010, Sierre>
Fraunhofer FIRST ()

Hosts infected with malicious software, so called malware, are ubiquitous in today's computer networks. The means whereby malware can infiltrate a network are manifold and range from exploiting of software vulnerabilities to tricking a user into executing malicious code. Monitoring and detection of all possible infection vectors is intractable in practice. Hence, we approach the problem of detecting malicious software at a later point when it initiates contact with its maintainer; a process referred to as "phoning home". In particular, we introduce Botzilla, a method for detection of malware communication, which proceeds by repetitively recording network traffic of malware in a controlled environment and generating network signatures from invariant content patterns. Experiments conducted at a large university network demonstrate the ability of Botzilla to accurately identify malware communication in network traffic with very low false-positive rates.