Detecting malware based on expired command-and-control traffic
In this article, we analyze the behavioral characteristics of domain name service queries produced by programs and then design an algorithm to detect malware with expired command-and-control domains based on the key feature of domain name service traffic, that is, repeatedly querying domain with a f...
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Hindawi - SAGE Publishing
2017-07-01
|
| Series: | International Journal of Distributed Sensor Networks |
| Online Access: | https://doi.org/10.1177/1550147717720791 |
| _version_ | 1797764919893950464 |
|---|---|
| author | Futai Zou Siyu Zhang Linsen Li Li Pan Jianhua Li |
| author_facet | Futai Zou Siyu Zhang Linsen Li Li Pan Jianhua Li |
| author_sort | Futai Zou |
| collection | DOAJ |
| description | In this article, we analyze the behavioral characteristics of domain name service queries produced by programs and then design an algorithm to detect malware with expired command-and-control domains based on the key feature of domain name service traffic, that is, repeatedly querying domain with a fixed interval. In total, 3027 malware command-and-control domains in the network traffic of Shanghai Jiao Tong University, affecting 249 hosts, were successfully detected, with a high precision of 92.0%. This algorithm can find those malware with expired command-and-control domains that are usually ignored by current research and would have important value for eliminating network security risks and improving network security environment. |
| first_indexed | 2024-03-12T20:03:38Z |
| format | Article |
| id | doaj.art-4ae26fe217ec42498bc37a11ec0322c8 |
| institution | Directory Open Access Journal |
| issn | 1550-1477 |
| language | English |
| last_indexed | 2024-03-12T20:03:38Z |
| publishDate | 2017-07-01 |
| publisher | Hindawi - SAGE Publishing |
| record_format | Article |
| series | International Journal of Distributed Sensor Networks |
| spelling | doaj.art-4ae26fe217ec42498bc37a11ec0322c82023-08-02T02:16:18ZengHindawi - SAGE PublishingInternational Journal of Distributed Sensor Networks1550-14772017-07-011310.1177/1550147717720791Detecting malware based on expired command-and-control trafficFutai Zou0Siyu Zhang1Linsen Li2Li Pan3Jianhua Li4School of Cyberspace Security, Shanghai Jiao Tong University, Shanghai, ChinaNetwork and Information Center, Shanghai Jiao Tong University, Shanghai, ChinaSchool of Cyberspace Security, Shanghai Jiao Tong University, Shanghai, ChinaSchool of Cyberspace Security, Shanghai Jiao Tong University, Shanghai, ChinaSchool of Cyberspace Security, Shanghai Jiao Tong University, Shanghai, ChinaIn this article, we analyze the behavioral characteristics of domain name service queries produced by programs and then design an algorithm to detect malware with expired command-and-control domains based on the key feature of domain name service traffic, that is, repeatedly querying domain with a fixed interval. In total, 3027 malware command-and-control domains in the network traffic of Shanghai Jiao Tong University, affecting 249 hosts, were successfully detected, with a high precision of 92.0%. This algorithm can find those malware with expired command-and-control domains that are usually ignored by current research and would have important value for eliminating network security risks and improving network security environment.https://doi.org/10.1177/1550147717720791 |
| spellingShingle | Futai Zou Siyu Zhang Linsen Li Li Pan Jianhua Li Detecting malware based on expired command-and-control traffic International Journal of Distributed Sensor Networks |
| title | Detecting malware based on expired command-and-control traffic |
| title_full | Detecting malware based on expired command-and-control traffic |
| title_fullStr | Detecting malware based on expired command-and-control traffic |
| title_full_unstemmed | Detecting malware based on expired command-and-control traffic |
| title_short | Detecting malware based on expired command-and-control traffic |
| title_sort | detecting malware based on expired command and control traffic |
| url | https://doi.org/10.1177/1550147717720791 |
| work_keys_str_mv | AT futaizou detectingmalwarebasedonexpiredcommandandcontroltraffic AT siyuzhang detectingmalwarebasedonexpiredcommandandcontroltraffic AT linsenli detectingmalwarebasedonexpiredcommandandcontroltraffic AT lipan detectingmalwarebasedonexpiredcommandandcontroltraffic AT jianhuali detectingmalwarebasedonexpiredcommandandcontroltraffic |