Information Technology Reference
In-Depth Information
Fig. 3.
Marking the functionality of a packet
In addition, the
NBS
module is also responsible for the construction of the expected
packets and sends them to Assistant System for packets Guest System expected.
3.3
The Assistant System
The Assistant System is a network services supporting environment as well as a net-
work behavior containment system. Several network services are installed in it. A
traffic filter is running for network flow management. For example, if the malware
instance under analysis asks for downloading files, this packet will be redirected to
Internet. While, if a propagating packet is sent out, the packet will be discarded. In
addition, this module also answers the Guest System according the packet description
for triggering some stealing behaviors.
4
Experiment
In this section, we give a simple experiment to evaluate the NBSBA. We implement
the prototype system in a roughly way because it is a very complex platform. The
dataset of the experiment is as shown in
Table 1
. The samples indicated in the last
row are included in the samples indicated in the first row, which is for a comparison.
Table 1.
The dataset of malware samples
Viruses
Trojans
Worms
Bots
Running in NBSBA
5
5
10
15
Running in a real system
2
2
2
2
We picked out 35 malware samples that consist of 5 viruses, 5 Trojans, 15 worms
and 15 bots. Of course, the classification is not strict.
