Classification of packet contents for malware detection

Irfan Ahmed [1], Kyung-suk Lhee [2]
[1] Information Security Institute, Queensland University of Technology, Brisbane, Australia
[2] Seoul, South Korea

Abstract

Keywords

