Mining Network Behavior Specifications of Malware Based on Binary Analysis
Nowadays, malware, especially botnet malware, relies heavily on network communication to accomplish predefined malicious functionality. The network behavior of malware has attracted the attention of researchers. However, the network traffic used for network-based signature generation and botnet detection is captured passively from an execution environment, which has several limitations. In this paper, we present a network behavior mining approach based on binary analysis, named NBSBA. Our goal is to accurately understand the network behavior of malware in detail, capture the packets launched by the malware sample under analysis as soon as possible, and extract the network behavior of malware as completely as possible. We first give a network behavior specification and then describe NBSBA. We implement a prototype system to evaluate NBSBA. The experiment demonstrates that our approach is efficient.
Network Behavior; Binary Analysis; Malware
Peidai Xie, Yongjun Wang, Huabiao Lu
College of Computer, National University of Defense Technology, Changsha, Hunan, China
Domestic conference
Zhangjiajie
English
213-216
2013-07-01 (date first made available online on the Wanfang platform; this does not represent the paper's publication date)