https://scholars.lib.ntu.edu.tw/handle/123456789/456068
Title: | Combining dynamic passive analysis and active fingerprinting for effective bot malware detection in virtualized environments |
Authors: | Hsiao, S.-W.; Chen, Y.-N.; Sun, Y.S.; Chen, M.C.; YEALI SUN |
Keywords: | botnet; fingerprinting; intrusion detection; virtual machine |
Issue date: | 2013 |
Volume: | 7873 LNCS |
Pages: | 699-706 |
Source: | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
Abstract: | We propose a detection mechanism that takes the advantage of virtualized environment and combines both passive and active detection approaches for detecting bot malware. Our proposed passive detection agent lies in the virtual machine monitor to profile the bot behavior and check against it with other hosts. The proposed active detection agent that performs active bot fingerprinting can send specific stimulus to a host and examine if there exists expected triggered behavior. In our experiments, our system can distinguish bots and the benign process with low false alarm. The active fingerprinting technique can detect a bot even when a bot does not do its malicious jobs. © 2013 Springer-Verlag. |
URI: | https://scholars.lib.ntu.edu.tw/handle/123456789/456068 |
DOI: | 10.1007/978-3-642-38631-2_59 |
SDG/Keywords: | botnet; Detection mechanism; fingerprinting; Fingerprinting techniques; Malware detection; Virtual machine monitors; Virtual machines; Virtualized environment; Computer crime; Intrusion detection; Virtual reality; Network security |
Appears in collections: | Department of Information Management |
Items in the IR system are protected by copyright, with all rights reserved, unless their copyright terms are specifically indicated otherwise.