
The Network Behavior of Targeted Attacks

Formal Metadata

Title
The Network Behavior of Targeted Attacks
Subtitle
Models for Malware Identification and Detection
Alternative Title
The Stratosphere project
Title of Series
Part Number
24
Number of Parts
29
Author
License
CC Attribution 3.0 Germany:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
2015
Language
English

Content Metadata

Subject Area
Genre
Abstract
The network patterns of targeted attacks are very different from those of usual malware because the attackers have different goals. Therefore, it is difficult to detect targeted attacks by looking for DNS anomalies, DGA traffic or HTTP patterns. However, our analysis of targeted attacks reveals novel patterns in their network communication. These patterns were incorporated into our Stratosphere IPS in order to model, identify and detect the traffic of targeted attacks. With this knowledge it is possible to alert on attacks in the network within a short time, independently of the malware used. The Stratosphere project analyzes the inherent patterns of malware actions in the network using machine learning. It uses Markov chain algorithms to find patterns that are independent of static features. These patterns are used to build behavioral models of malware actions that are later used to detect similar traffic in the network. The tool and datasets are freely published.