
A lustrum of malware network communication: Evolution & insights


1 A lustrum of malware network communication: Evolution & insights
Authors: Chaz Lever, Platon Kotzias, Davide Balzarotti, Manos Antonakakis
Presented by: Sohail Akbar, Master of Professional Studies in Digital Security
Date:

2 Introduction Motivation Problems & Trends Background

3 Internet security threat (Introduction)
- Propagation of cybercrime for profit (Zbot, ...)
- Targeted attacks (Aurora, ...)
- Emerging cyber warfare (Stuxnet, ...)

4 Internet security threat (Introduction)
Implications:
- motivated, well-funded adversaries
- creative attackers, who find new vectors to reach victims
- adaptive attackers, who work actively against defences

5 Key component: malware (Introduction)
Malware (malicious software): software that fulfils the deliberately harmful intent of an attacker, typically installed as part of a compromise or via social engineering.
Bots and Advanced Persistent Threats (APTs):
- no longer autonomous
- provide remote access to the attacker (botmaster)
- connect to command and control (C&C) infrastructure
- use the infected host as a platform to launch malicious activity
Defenders can leverage this command and control infrastructure for better defence.

6 Motivation (Introduction)
Malware analysis is at the forefront of the fight against internet threats. Both the operational and the academic security communities use dynamic malware analysis. Network information derived from such analysis is used for:
- threat detection
- network policies
- incident response
- other indicators of compromise

7 How effective are these network signals?
The big questions: how effective are these network signals, and in what ways can they be used reliably?

8 DATA SAMPLES

9 Domain filtering: invalid domains, benign domains, spam domains
Invalid domains
- Remove NXDOMAIN responses to reduce the effect of domain generation algorithms (DGAs).
- Reduction from 6.8M to 1.31M e2LDs.
Benign domains
- Remove popular domains from the Alexa list.
- Remove known content delivery networks (CDNs).
- Reduction from 1.31M to 1.21M e2LDs.
Spam domains
- Remove all resolutions from binaries with many MX lookups.
- Remove resolutions whose names contain mail-related keywords (e.g. mail, smtp, ...).
- Reduction from 1.29M to 329,348 e2LDs.

10 Malware collection (filtered)
Collection issue: consistent growth in the number of samples, the number of domains queried and the number of IP addresses. The drop in the second half of 2014 reflects a failure in the authors' collection infrastructure.
Number of malware samples, qnames, e2LDs and IPs according to the execution time of the samples.

11 PUP / malware classification
Kotzias et al. [38], who earlier conducted the same kind of work, observed the same trend in a much smaller dataset. Thomas et al. measured that Google Safe Browsing generates three times as many detections for PUP as for malware.

12 My criticism
The malware landscape is very diverse and constantly evolving: large and diverse botnets, APTs, exploitation techniques, C&C, and many more. Examining malicious code involves a variety of tasks, which are time-consuming and can be challenging. There is a chance of getting wrong results when executing the malicious code (malware) in a sandbox, as it could have different configuration settings. Malware usually has different payloads to execute based on the configuration of the infected host. That is, one malware sample may behave differently on different hosts if the hosts, for example, have different versions of internet browsers.

13 My criticism
In this paper the authors suggest that "network defenders should rely on automated malware analysis to extract indicators of compromise and not build early detection systems." In my point of view, I do not agree, and I propose for this project to study and analyze the different methods, tools and techniques for early network-based malware detection.

14 Questions!

