Detecting malware based on expired command-and-control traffic

In this article, we analyze the behavioral characteristics of domain name service queries produced by programs and then design an algorithm to detect malware with expired command-and-control domains based on the key feature of domain name service traffic, that is, repeatedly querying a domain at a fixed interval. In total, 3027 malware command-and-control domains in the network traffic of Shanghai Jiao Tong University, affecting 249 hosts, were successfully detected, with a high precision of 92.0%. This algorithm can find malware with expired command-and-control domains that is usually ignored by current research, and it would have important value for eliminating network security risks and improving the network security environment.

Bibliographic Details
Main Authors: Futai Zou, Siyu Zhang, Linsen Li, Li Pan, Jianhua Li
Format: Article
Language: English
Published: SAGE Publishing 2017-07-01
Series:International Journal of Distributed Sensor Networks
Online Access: https://doi.org/10.1177/1550147717720791
Author Affiliations: Futai Zou, Linsen Li, Li Pan, Jianhua Li: School of Cyberspace Security, Shanghai Jiao Tong University, Shanghai, China; Siyu Zhang: Network and Information Center, Shanghai Jiao Tong University, Shanghai, China
ISSN: 1550-1477