https://scholars.lib.ntu.edu.tw/handle/123456789/456068
Title: | Combining dynamic passive analysis and active fingerprinting for effective bot malware detection in virtualized environments |
Authors: | Hsiao, S.-W.; Chen, Y.-N.; Sun, Y.S.; Chen, M.C.; YEALI SUN |
Keywords: | botnet; fingerprinting; intrusion detection; virtual machine |
Issue Date: | 2013 |
Journal Volume: | 7873 LNCS |
Start page/Pages: | 699-706 |
Source: | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
Abstract: | We propose a detection mechanism that takes advantage of the virtualized environment and combines both passive and active detection approaches for detecting bot malware. Our proposed passive detection agent lies in the virtual machine monitor to profile the bot behavior and check against it with other hosts. The proposed active detection agent that performs active bot fingerprinting can send a specific stimulus to a host and examine if there exists expected triggered behavior. In our experiments, our system can distinguish bots and the benign process with low false alarm. The active fingerprinting technique can detect a bot even when a bot does not do its malicious jobs. © 2013 Springer-Verlag. |
URI: | https://scholars.lib.ntu.edu.tw/handle/123456789/456068 |
DOI: | 10.1007/978-3-642-38631-2_59 |
SDG/Keyword: | botnet; Detection mechanism; fingerprinting; Fingerprinting techniques; Malware detection; Virtual machine monitors; Virtual machines; Virtualized environment; Computer crime; Intrusion detection; Virtual reality; Network security |
Appears in Collections: | Department of Information Management |