Table 2. The experiment results

Protocols                          %MaxP  %P    %MaxT  %T    #NBSs  #Crashed
DNS, HTTP, ICMP, SMTP, IRC, UDP    2.07   0.07  11.26  0.18  19     26
The results are shown in Table 2. %MaxP denotes the maximum over all samples: for one sample we captured 2.07 times as many packets as a regular capture on a real system. %P is the average of this ratio over all samples. %MaxT denotes that for one sample the analysis process ran 11.26 times faster than a regular run, and %T is the corresponding average. We obtained 19 NBSs, and 26 samples crashed during running.
5 Discussion and Conclusion
Extracting the network behavior of malware is a critical problem in malware analysis, both for detection and for mitigation. In this paper we proposed a network behavior specification (NBS) and an NBS mining approach based on binary analysis techniques. Recovering a detailed network behavior of malware remains a challenge. The limitations of the approach are that the evaluation is not yet sufficient and that the NBSBA should be implemented in detail. Several problems related to NBS mining are left for future work.
Acknowledgements. This work was supported by the National High Technology Research and Development Program of China under Grant No. 2011AA01A103, the National Natural Science Foundation of China under Grant No. 61202482 and No. 61271252, PCSIRT (No. IRT1012), and the Aid Program for Science and Technology Innovative Research Team in Higher Educational Institutions of Hunan Province: “network technology”. The authors would like to thank the anonymous reviewers for their valuable suggestions and comments.