Skip to search formSkip to main contentSkip to account menu

BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection

This paper presents a general detection framework that is independent of botnet C&C protocol and structure, and requires no a priori knowledge of botnets (such as captured bot binaries and hence the botnet signatures, and C &C server names/addresses).
View Paper (opens in a new tab)

A data mining framework for building intrusion detection models

A data mining framework for adaptively building Intrusion Detection (ID) models is described, to utilize auditing programs to extract an extensive set of features that describe each network connection or host session, and apply data mining programs to learn rules that accurately capture the behavior of intrusions and normal activities.
View on IEEE (opens in a new tab)

Ether: malware analysis via hardware virtualization extensions

Ether, a transparent and external approach to malware analysis, is proposed, which is motivated by the intuition that for a malware analyzer to be transparent, it must not induce any side-effects that are unconditionally detectable by malware.
View on ACM (opens in a new tab)

BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic

This paper proposes an approach that uses network-based anomaly detection to identify botnet C&C channels in a local area network without any prior knowledge of signatures or C &C server addresses, and shows that BotSniffer can detect real-world botnets with high accuracy and has a very low false positive rate.
View Paper (opens in a new tab)

BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation

A new kind of network perimeter monitoring strategy, which focuses on recognizing the infection and coordination dialog that occurs during a successful malware infection, and contrast this strategy to other intrusion detection and alert correlation methods.
View Paper (opens in a new tab)

CHEX: statically vetting Android apps for component hijacking vulnerabilities

This paper proposes CHEX, a static analysis method to automatically vet Android apps for component hijacking vulnerabilities, and prototyped CHEX based on Dalysis, a generic static analysis framework that was built to support many types of analysis on Android app bytecode.
View on ACM (opens in a new tab)

A framework for constructing features and models for intrusion detection systems

A novel framework, MADAM ID, for Mining Audit Data for Automated Models for Instrusion Detection, which uses data mining algorithms to compute activity patterns from system audit data and extracts predictive features from the patterns.
View on ACM (opens in a new tab)

From Throw-Away Traffic to Bots: Detecting the Rise of DGA-Based Malware

A new technique to detect randomly generated domains without reversing is presented, finding that most of the DGA-generated domains that a bot queries would result in Non-Existent Domain (NXDomain) responses, and that bots from the same bot-net (with the same DGA algorithm) would generate similar NXDomain traffic.
View Paper (opens in a new tab)

Data Mining Approaches for Intrusion Detection

An agent-based architecture for intrusion detection systems where the learning agents continuously compute and provide the updated (detection) models to the detection agents is proposed.
View via Publisher (opens in a new tab)

Building a Dynamic Reputation System for DNS

Notos, a dynamic reputation system for DNS, is proposed that malicious, agile use of DNS has unique characteristics and can be distinguished from legitimate, professionally provisioned DNS services.
View Paper (opens in a new tab)
...
By clicking accept or continuing to use the site, you agree to the terms outlined in our Privacy Policy (opens in a new tab), Terms of Service (opens in a new tab), and Dataset License (opens in a new tab)