Two Methods for Detecting Malware


Abstract

In this paper, we present two ways of detecting malware. The first one takes advantage of a platform that we have developed. The platform includes tools for capturing malware, running code in a controlled environment, and analyzing its interactions with external entities. The platform enables us to detect malware based on the observation of its communication behavior. The second approach uses a method for detecting encrypted Skype traffic and classifying Skype service flows such as voice calls, SkypeOut, video conferencing, chat, file upload and download in Skype traffic. The method is based on Statistical Protocol IDentification (SPID), which analyzes statistical values of some traffic attributes. We apply the method to identify malicious traffic: we have successfully detected the propagation of Worm.Win32.Skipi.b, which spreads over the Skype messenger by sending infected messages to all Skype contacts on a victim machine. © Springer-Verlag Berlin Heidelberg 2013.

Citation (APA)

Korczyński, M., Berger-Sabbatel, G., & Duda, A. (2013). Two Methods for Detecting Malware. In Communications in Computer and Information Science (Vol. 368 CCIS, pp. 95–106). Springer Verlag. https://doi.org/10.1007/978-3-642-38559-9_9
