Detecting Malware with Graph-Based Methods: Traffic Classification, Botnets, and Facebook Scams
In this paper, the authors highlight two security topics from their lab. First, they address the problem of Internet traffic classification (e.g. is a given flow web, file-sharing, or botnet traffic?). They present a fundamentally different approach to classifying traffic that studies network-wide behavior by modeling the interactions of users as a graph; by contrast, most previous approaches rely on per-flow statistics such as packet sizes and inter-packet delays. They show how their approach gives rise to novel and powerful ways to visualize the traffic, model the behavior of applications, and detect abnormalities and attacks. Extending this approach, they develop Entelecheia, a botnet-detection method.
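To make the graph-based view concrete, the following is an added example (not the authors' code and not the paper's actual feature set) of how flow records can be turned into one directed host graph per destination port and classified from structural features of that graph rather than from packet sizes or timing. The flow records, the `ino` feature (fraction of hosts that both initiate and receive connections) and the threshold are constructed illustrative assumptions; a client-server service yields a star-like graph where almost no host is on both sides, while peer-to-peer traffic yields a graph where most hosts are.

```python
"""Graph-based traffic classification sketch (added example, not the paper's code).

Flows are aggregated into a directed host graph per destination port: an edge
u -> v means host u initiated at least one flow to host v on that port.
Structural features of that graph, rather than per-flow packet statistics,
are then used to tell client-server from peer-to-peer-like behaviour.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """Minimal flow record: initiator, responder, destination port (constructed)."""
    src: str
    dst: str
    dst_port: int


def build_host_graphs(flows):
    """Return {dst_port: {src: set(dst)}}, i.e. one directed graph per port."""
    graphs = defaultdict(lambda: defaultdict(set))
    for f in flows:
        graphs[f.dst_port][f.src].add(f.dst)
    return graphs


def graph_features(adj):
    """Structural features of one directed host graph given as {src: set(dst)}."""
    out_nodes = set(adj)
    in_nodes = set()
    indeg = defaultdict(int)
    for dsts in adj.values():
        in_nodes |= dsts
        for v in dsts:
            indeg[v] += 1
    nodes = out_nodes | in_nodes
    edges = sum(len(d) for d in adj.values())
    both = out_nodes & in_nodes          # hosts that both initiate and receive
    return {
        "nodes": len(nodes),
        "edges": edges,
        "ino": len(both) / len(nodes) if nodes else 0.0,
        "max_indeg": max(indeg.values()) if indeg else 0,
    }


def classify(feat, ino_threshold=0.1):
    """Coarse label from graph shape; the threshold is an illustrative assumption."""
    if feat["ino"] >= ino_threshold:
        return "peer-to-peer-like"
    return "client-server-like"


def sample_flows():
    """Constructed sample: 20 clients hitting 2 web servers on 443, and a
    10-node peer-to-peer overlay on 6881 where every peer talks to two others."""
    flows = []
    for i in range(20):
        flows.append(Flow(f"c{i}", "s0", 443))
        flows.append(Flow(f"c{i}", "s1", 443))
    for i in range(10):
        flows.append(Flow(f"p{i}", f"p{(i + 1) % 10}", 6881))
        flows.append(Flow(f"p{i}", f"p{(i + 3) % 10}", 6881))
    return flows


def classify_sample():
    """Label each port's host graph in the constructed sample."""
    graphs = build_host_graphs(sample_flows())
    return {port: classify(graph_features(adj)) for port, adj in graphs.items()}


if __name__ == "__main__":
    graphs = build_host_graphs(sample_flows())
    for port, adj in sorted(graphs.items()):
        feat = graph_features(adj)
        print(port, feat, classify(feat))
```

Because the features describe the whole population of hosts rather than any single flow, a port that normally produces a star-shaped graph and suddenly produces one where many hosts both send and receive is the kind of network-wide abnormality this view exposes; that shift is what a monitoring rule built on such features would alert on.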