In this article, we analyze the behavioral characteristics of the Domain Name System (DNS) queries produced by programs and design an algorithm that detects malware whose command-and-control (C2) domains have expired. The algorithm relies on a key feature of such malware's DNS traffic: the infected host repeatedly queries the same domain at a fixed interval. In total, 3027 malware C2 domains, affecting 249 hosts, were detected in the network traffic of Shanghai Jiao Tong University, with a precision of 92.0%. The algorithm can find malware with expired C2 domains that current research usually ignores, and it would be valuable for eliminating network security risks and improving the network security environment.
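The fixed-interval query pattern described in the abstract can be turned into a simple detector. The following block is an added illustration written for this page; it is not the authors' implementation and the paper's actual thresholds and features are not reproduced here. It assumes a constructed DNS log of the form `<timestamp> <client> <qname> <rcode>`, groups queries per (client, domain) pair, measures the regularity of the gaps between consecutive queries with the coefficient of variation (standard deviation divided by mean), and additionally requires that most responses be NXDOMAIN, on the assumption that an expired C2 domain no longer resolves. The `min_queries`, `max_cv` and `min_nxdomain_ratio` parameters and the sample log lines are all assumptions made for the example.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample DNS log (not real traffic). Format: "<ISO timestamp> <client> <qname> <rcode>".
# 10.0.0.5 beacons to an expired domain roughly every 60 s; 10.0.0.7 browses at irregular times.
SAMPLE_LOG = """\
2017-03-01T10:00:00 10.0.0.5 c2-example.invalid NXDOMAIN
2017-03-01T10:00:01 10.0.0.7 www.example.com NOERROR
2017-03-01T10:01:00 10.0.0.5 c2-example.invalid NXDOMAIN
2017-03-01T10:01:45 10.0.0.7 www.example.com NOERROR
2017-03-01T10:02:00 10.0.0.5 c2-example.invalid NXDOMAIN
2017-03-01T10:02:05 10.0.0.7 mail.example.com NOERROR
2017-03-01T10:03:00 10.0.0.5 c2-example.invalid NXDOMAIN
2017-03-01T10:03:59 10.0.0.5 c2-example.invalid NXDOMAIN
2017-03-01T10:04:20 10.0.0.7 www.example.com NOERROR
2017-03-01T10:05:01 10.0.0.5 c2-example.invalid NXDOMAIN
2017-03-01T10:09:30 10.0.0.7 www.example.com NOERROR
2017-03-01T10:10:00 10.0.0.7 www.example.com NOERROR
"""


def parse_log(text):
    """Parse the assumed log format into (timestamp, client, qname, rcode) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, rcode = line.split()
        # Normalise the name so "C2-Example.invalid." and "c2-example.invalid" group together.
        records.append((datetime.fromisoformat(ts), client, qname.lower().rstrip("."), rcode))
    return records


def intervals_by_pair(records):
    """Return {(client, qname): (list of gaps in seconds, NXDOMAIN ratio)} in time order."""
    events = defaultdict(list)
    for ts, client, qname, rcode in sorted(records):
        events[(client, qname)].append((ts, rcode))
    result = {}
    for key, evs in events.items():
        times = [ts for ts, _ in evs]
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        nx_ratio = sum(1 for _, r in evs if r == "NXDOMAIN") / len(evs)
        result[key] = (gaps, nx_ratio)
    return result


def detect_periodic_queries(records, min_queries=5, max_cv=0.1, min_nxdomain_ratio=0.5):
    """Flag (client, qname) pairs queried at a near-fixed interval to a non-resolving domain.

    max_cv bounds the coefficient of variation of the inter-query gaps: 0 means perfectly
    periodic, larger values tolerate jitter. Thresholds here are assumptions for the example.
    """
    hits = []
    for (client, qname), (gaps, nx_ratio) in intervals_by_pair(records).items():
        if len(gaps) + 1 < min_queries:
            continue  # too few queries to judge periodicity
        mean_gap = statistics.fmean(gaps)
        if mean_gap <= 0:
            continue  # all queries in the same second; not a beacon pattern
        cv = statistics.pstdev(gaps) / mean_gap
        if cv <= max_cv and nx_ratio >= min_nxdomain_ratio:
            hits.append({
                "client": client,
                "qname": qname,
                "queries": len(gaps) + 1,
                "mean_interval_s": round(mean_gap, 1),
                "cv": round(cv, 3),
                "nxdomain_ratio": round(nx_ratio, 2),
            })
    return hits


if __name__ == "__main__":
    for hit in detect_periodic_queries(parse_log(SAMPLE_LOG)):
        print(hit)
```

On the constructed log only the 10.0.0.5 / c2-example.invalid pair is reported (six queries, mean gap 60.2 s, CV about 0.016); the browsing host's lookups have irregular gaps and resolve normally, so they pass. In a real deployment, legitimate software also produces periodic NXDOMAIN lookups (misconfigured update checkers, stale monitoring targets, search-domain suffixing), so a detector built on this idea needs an allowlist and a review step before an alert is treated as an infection.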
CITATION STYLE
Zou, F., Zhang, S., Li, L., Pan, L., & Li, J. (2017). Detecting malware based on expired command-and-control traffic. International Journal of Distributed Sensor Networks, 13(7). https://doi.org/10.1177/1550147717720791