Fraunhofer-Gesellschaft

Publica

Botzilla: Detecting the "phoning home" of malicious software

Authors: Rieck, K.; Schwenk, G.; Limmer, T.; Holz, T.; Laskov, P.

Source:
Proceedings of the 25th Annual ACM Symposium on Applied Computing 2010. CD-ROM : Sierre, Switzerland, March 22 - 26, 2010
New York: ACM, 2010
ISBN: 978-1-605-58638-0
pp. 1978-1984
Annual ACM Symposium on Applied Computing <25, 2010, Sierre>
Language: English
Type: Conference paper
Institute: Fraunhofer FIRST

Abstract
Hosts infected with malicious software, so-called malware, are ubiquitous in today's computer networks. The means by which malware can infiltrate a network are manifold and range from exploiting software vulnerabilities to tricking a user into executing malicious code. Monitoring and detection of all possible infection vectors is intractable in practice. Hence, we approach the problem of detecting malicious software at a later point, when it initiates contact with its maintainer; a process referred to as "phoning home". In particular, we introduce Botzilla, a method for detecting malware communication that proceeds by repetitively recording the network traffic of malware in a controlled environment and generating network signatures from invariant content patterns. Experiments conducted in a large university network demonstrate the ability of Botzilla to accurately identify malware communication in network traffic with very low false-positive rates.

URL: http://publica.fraunhofer.de/dokumente/N-169165.html