Behavioral Clustering of HTTP-Based Malware and Signature Generation Using Malicious Network Traces

This paper presents a novel network-level behavioral malware clustering system. It focuses on the analysis of structural similarities among malicious HTTP traffic traces generated by executing HTTP-based malware. The work is motivated by the need to provide quality input to algorithms that automatically generate network signatures. Accordingly, the paper defines similarity metrics among HTTP traces and designs the system so that the resulting clusters can yield high-quality malware signatures. The authors implemented a proof-of-concept version of the network-level malware clustering system and performed experiments with more than 25,000 distinct malware samples.

Provided by: Georgia Institute of Technology. Topic: Security. Date Added: Feb 2010. Format: PDF.