Publications
Polymorphic malware behavior through network trace analysis
Abstract
Malware continues to be a major threat to information security. To avoid being detected and analyzed, modern malware continuously improves its stealthiness, including through code obfuscation and encryption. On the other hand, the high number of unique malware samples detected daily suggests a high degree of code reuse under the layers of stealth. We observe that although obfuscation greatly changes a malware's binary, its functionalities remain intact. We propose to leverage malware's network behavior during its execution to understand the malware's functionality and to detect related or even the same (polymorphic) malware. While malware may transform its code to evade analysis, we contend that its key network behaviors must endure through these transformations to achieve the malware's ultimate purpose, such as sending victim information, scanning for vulnerable hosts, etc. We propose an encoding of …
Metadata
- publication: 2022 14th International Conference on COMmunication Systems & NETworkS …, 2022
- year: 2022
- publication date: 2022/1/4
- authors: Xiyue Deng, Jelena Mirkovic
- link: https://ieeexplore.ieee.org/abstract/document/9668396/
- resource_link: https://www.isi.edu/people-mirkovic/wp-content/uploads/sites/52/2023/10/a25-dengfinal.pdf
- conference: 2022 14th International Conference on COMmunication Systems & NETworkS (COMSNETS)
- pages: 138-146
- publisher: IEEE