The Network Behavior of Targeted Attacks

Formal Metadata

Title
The Network Behavior of Targeted Attacks
Subtitle
Models for Malware Identification and Detection
Alternative Title
The Stratosphere project
Series Title
Part
24
Number of Parts
29
Author
License
CC Attribution 3.0 Germany:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Year of Publication
2015
Language
English

Content Metadata

Subject Area
Genre
Abstract
The network patterns of targeted attacks are very different from those of usual malware because of the different goals of the attackers. Therefore, it is difficult to detect targeted attacks by looking for DNS anomalies, DGA traffic or HTTP patterns. However, our analysis of targeted attacks reveals novel patterns in their network communication. These patterns were incorporated into our Stratosphere IPS in order to model, identify and detect the traffic of targeted attacks. With this knowledge it is possible to alert on attacks in the network within a short time, independently of the malware used. The Stratosphere project analyzes the inherent patterns of malware actions in the network using Machine Learning. It uses Markov chain algorithms to find patterns that are independent of static features. These patterns are used to build behavioral models of malware actions that are later used to detect similar traffic in the network. The tool and datasets are freely published.