2013
DOI: 10.1007/978-3-642-40203-6_31
Measuring and Detecting Malware Downloads in Live Network Traffic

Cited by 33 publications (22 citation statements)
References 7 publications
“…Other papers extract network-related inputs by monitoring the network and analysing incoming and outgoing traffic [66,24,41]. A complementary approach consists in analysing download patterns of network users in a monitored network [22]. It does not require sample execution and focuses on network features related to the download of a sample, such as the website from which the file has been downloaded.…”
Section: Portable Executable Features (mentioning)
confidence: 99%
“…Protecting Systems and Networks. Numerous alternatives to blacklists and anti-viruses were proposed to help protect networked systems (e.g., [32,33,40,56,57,62,63,67,82,83,91]). For instance, Gu et al. proposed techniques to detect bots within networks [32,33].…”
Section: Related Work (mentioning)
confidence: 99%
“…This is in contrast with previous works, which attempt to detect malware downloads based primarily on features derived from network traffic [12,19,22] or that only consider the "relationships" between machines and files [8]. In addition, unlike [19], our system is not limited to detecting browser-initiated malware downloads (e.g., via drive-by and social engineering attacks), and instead aims to detect any malware download, including malware updates, second-stage malware drops, pay-per-install malware downloads, etc.…”
Section: Introduction (mentioning)
confidence: 72%
“…AMICO [22] and Google's CAMP [19] distinguish between benign and malicious files by reasoning on the download behavior of client machines. However, we identify several fundamental differences with our work.…”
Section: Related Work (mentioning)
confidence: 99%