Date Added: Nov 2010
Malicious software (malware) with decentralized communication infrastructure, such as peer-to-peer botnets, is difficult to detect. In this paper, the authors describe a traffic-sanitization method for identifying malware-triggered outbound connections from a personal computer. The solution correlates user activities with the content of outbound traffic. The key observation is that user-initiated outbound traffic typically has corresponding human inputs, i.e., keystroke or mouse clicks. The analysis on the causal relations between user inputs and packet payload enables the efficient enforcement of the inter-packet dependency at the application level.