User-Assisted Host-Based Detection of Outbound Malware Traffic
Source: Rutgers University
Conventional network security solutions are performed on network layer packets using statistical measures. These types of traffic analysis may not catch stealthy attacks carried out by today's malware. The authors aim to develop a host-based security tool that identifies suspicious outbound network connections through analyzing the user's surfing activities. Specifically, the solution for Web applications predicts user's network connections by analyzing Web content; unpredicted traffic is further investigated with the user's help. This paper describes the method and implementation as well as the experimental results in evaluating its efficiency and effectiveness.