Mining malware command and control traces

Research Output

Detecting botnets and advanced persistent threats is a major challenge for network administrators. An important component of such malware is the command and control channel, which enables the malware to respond to controller commands. The detection of malware command and control channels could help prevent further malicious activity by cyber criminals using the malware. Detection of malware in network traffic is traditionally carried out by identifying specific patterns in packet payloads. Now bot writers encrypt the command and control payloads, making pattern recognition a less effective form of detection. This paper focuses instead on an effective anomaly based detection technique for bot and advanced persistent threats using a data mining approach combined with applied classification algorithms. After additional tuning, the final test on an unseen dataset, false positive rates of 0% with malware detection rates of 100% were achieved on two examined malware threats, with promising results on a number of other threats.

Date:

11 January 2018
Publication Status:

Published
DOI:

10.1109/SAI.2017.8252185
Library of Congress:

QA75 Electronic computers. Computer science
Dewey Decimal Classification:

005.8 Data security

http://researchrepository.napier.ac.uk/output/446322 <p>McLaren, P., Russell, G., & Buchanan, B. (2018). Mining malware command and control traces. In <i>Proceedings of the SAI Computing Conference 2017</i>https://doi.org/10.1109/SAI.2017.8252185</p>

Citation

McLaren, P., Russell, G., & Buchanan, B. (2018). Mining malware command and control traces. In Proceedings of the SAI Computing Conference 2017https://doi.org/10.1109/SAI.2017.8252185

Authors

Dr Peter McLaren

Associate
School of Computing

P.McLaren@napier.ac.uk

Dr Gordon Russell

Associate Professor
School of Computing Engineering and the Built Environment

0131 455 2754

G.Russell@napier.ac.uk

Prof Bill Buchanan

Professor
School of Computing Engineering and the Built Environment

0131 455 2759

B.Buchanan@napier.ac.uk

Keywords

malware; data mining; command and control; anomaly based detection; botnet; advanced persistent threat

Monthly Views:

Available Documents

pdf

Mining Malware Command And Control Traces - Original

550KB

© 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works
Downloadable citations
HTML BIB RTF

Date:

Publication Status:

DOI:

Library of Congress:

Dewey Decimal Classification: