文章基本信息

标题：Detecting malware based on expired command-and-control traffic
本地全文：下载
作者：Futai Zou ; Siyu Zhang ; Linsen Li 等
期刊名称：International Journal of Distributed Sensor Networks
印刷版ISSN：1550-1329
电子版ISSN：1550-1477
出版年度：2017
卷号：13
期号：7
页码：1
DOI：10.1177/1550147717720791
出版社：Hindawi Publishing Corporation
摘要：In this article, we analyze the behavioral characteristics of domain name service queries produced by programs and then design an algorithm to detect malware with expired command-and-control domains based on the key feature of domain name service traffic, that is, repeatedly querying domain with a fixed interval. In total, 3027 malware command-and-control domains in the network traffic of Shanghai Jiao Tong University, affecting 249 hosts, were successfully detected, with a high precision of 92.0%. This algorithm can find those malware with expired command-and-control domains that are usually ignored by current research and would have important value for eliminating network security risks and improving network security environment.
关键词：Malware detection; expired command-and-control; domain name system; time sequence analysis