Article code | Journal code | Year | English article | Full-text version |
---|---|---|---|---|
6884181 | 695584 | 2016 | 19-page PDF | Free download |
English title (ISI article)
Causality reasoning about network events for detecting stealthy malware activities
Persian title (given back in English)
Causality reasoning about network events for detecting stealthy malware activities
Keywords
Network security, anomaly detection, stealthy malware, traffic analysis, dependency analysis, machine learning classification
Related subjects
Engineering and basic sciences
Computer engineering
Computer networks and communications
English abstract
Malicious software activities have become more and more clandestine, making them challenging to detect. Existing security solutions rely heavily on the recognition of known code or behavior signatures, which are incapable of detecting new malware patterns. We propose to discover the triggering relations on network requests and leverage the structural information to identify stealthy malware activities that cannot be attributed to a legitimate cause. The triggering relation is defined as the temporal and causal relationship between two events. We design and compare rule- and learning-based methods to infer the triggering relations on network data. We further introduce a user-intention based security policy for pinpointing stealthy malware activities based on a triggering relation graph. We extensively evaluate our solution on a DARPA dataset and 7 GB of real-world network traffic. Results indicate that our dependence analysis successfully detects various malware activities including spyware, data-exfiltrating malware, and DNS bots on hosts. With good scalability for large datasets, the learning-based method achieves better classification accuracy than the rule-based one. The significance of our traffic reasoning approach is its ability to detect new and stealthy malware activities.
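To make the abstract's idea concrete, the following is an added illustration (written for this listing, not code from the paper or its authors) of a rule-based triggering-relation inference in the spirit described above: each network event is linked to the most recent earlier event that could have caused it, the links form a triggering-relation graph, and any event whose chain does not lead back to a user action is reported as lacking a legitimate cause. The three trigger rules, the 5-second window, the `Event` fields and the sample event list are all constructed assumptions for this example; the paper's actual rules, features and policy are not reproduced here.

```python
"""Rule-based triggering-relation inference over network events (constructed example).

Not the paper's implementation: the rules, time window and sample data are assumptions
chosen to illustrate the idea of a triggering-relation graph with user-intent roots.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Event:
    eid: int
    ts: float                      # seconds since capture start
    kind: str                      # "user" (user-initiated navigation), "dns" or "http"
    host: str                      # hostname resolved / requested / navigated to
    referer: Optional[str] = None  # HTTP Referer host, if the request carried one


WINDOW = 5.0  # assumed maximum delay between a trigger and the event it causes


def infer_triggers(events: List[Event]) -> Dict[int, Optional[int]]:
    """Map each event id to the id of its inferred trigger (None = no trigger found).

    Assumed rules, applied to the nearest earlier event inside WINDOW:
      user navigation to H  -> DNS lookup of H
      DNS lookup of H       -> HTTP request to H
      HTTP request to H     -> HTTP request whose Referer is H
    User events are roots and never get a parent.
    """
    ordered = sorted(events, key=lambda e: e.ts)
    parent: Dict[int, Optional[int]] = {}
    for i, e in enumerate(ordered):
        parent[e.eid] = None
        if e.kind == "user":
            continue
        for q in reversed(ordered[:i]):          # scan backwards in time
            if e.ts - q.ts > WINDOW:
                break                            # too old to be the cause
            if (e.kind == "dns" and q.kind == "user" and q.host == e.host) or \
               (e.kind == "http" and q.kind == "dns" and q.host == e.host) or \
               (e.kind == "http" and q.kind == "http" and e.referer == q.host):
                parent[e.eid] = q.eid
                break
    return parent


def root_kind(eid: int, parent: Dict[int, Optional[int]], by_id: Dict[int, Event]) -> str:
    """Follow trigger edges to the root of the chain and return that root's kind."""
    while parent[eid] is not None:
        eid = parent[eid]
    return by_id[eid].kind


def find_stealthy(events: List[Event]) -> List[int]:
    """User-intention policy: flag every event whose chain does not start at a user action."""
    parent = infer_triggers(events)
    by_id = {e.eid: e for e in events}
    return sorted(e.eid for e in events if root_kind(e.eid, parent, by_id) != "user")


# Constructed sample trace: a legitimate page load followed, 30 s later, by
# a DNS lookup and HTTP request that no user action or prior request explains.
SAMPLE = [
    Event(1, 0.0, "user", "example.com"),
    Event(2, 0.1, "dns", "example.com"),
    Event(3, 0.3, "http", "example.com"),
    Event(4, 0.5, "http", "cdn.example.net", referer="example.com"),
    Event(5, 30.0, "dns", "evil-c2.test"),
    Event(6, 30.2, "http", "evil-c2.test"),
]

if __name__ == "__main__":
    print("triggers:", infer_triggers(SAMPLE))
    print("stealthy event ids:", find_stealthy(SAMPLE))
```

In the sample, events 1 to 4 form one chain rooted at the user's navigation, while events 5 and 6 form a chain rooted at a DNS lookup with no user cause and are reported. The window and rule set are where such a detector's false positives and negatives come from: a too-small window orphans slow legitimate follow-up requests, and a too-generous referer rule lets malware that forges a Referer borrow a legitimate cause, which is part of why the abstract contrasts fixed rules with a learned classifier.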
Publisher
Database: Elsevier - ScienceDirect (ساینس دایرکت)
Journal: Computers & Security - Volume 58, May 2016, Pages 180-198
Authors
Hao Zhang, Danfeng (Daphne) Yao, Naren Ramakrishnan, Zhibin Zhang,