Almost any malware attack involves data communication between the infected host and the attacker host/server allowing the latter to remotely control the infected host. The remote control is achieved through opening different types of sessions such as remote desktop, webcam video streaming, file transfer, etc. In this paper, we present a traffic analysis based malware detection technique using Hidden Markov Model (HMM). The main contribution is that the proposed system does not only detect malware infections but also identifies with precision the type of malicious session opened by the attacker. The empirical analysis shows that the proposed detection system has a stable identification precision of 90% and that it allows to identify between 40% and 75% of all malicious sessions in typical network traffic.
CITATION STYLE
Zhioua, S., Jabeur, A. B., Langar, M., & Ilahi, W. (2015). Detecting malicious sessions through traffic fingerprinting using hidden markov models. In Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST (Vol. 152, pp. 623–631). Springer Verlag. https://doi.org/10.1007/978-3-319-23829-6_47
Mendeley helps you to discover research relevant for your work.