![]() runtime monitoring, has proven to be a well-established and effective tool to understand the workings of yet unknown software. In-depth analysis of the two protocols that are most popular among malware authors, DNS and HTTP, helps to understand and characterize the usage of these prevalent protocols.ĭynamic analysis, i.e. The resulting network behavior was dissected in our new analysis environment called Sandnet that complements existing systems by focusing on network traffic analysis. We provide a comprehensive overview of typical malware network behavior by discussing the results that we obtained during the analysis of more than 100,000 malware samples. While existing systems mainly focus on host-level activities of malware and limit the analysis period to a few minutes, we concentrate on the network behavior of malware over longer periods. ![]() ![]() In Proceedings of the Workshop on Building Analysis Datasets and Gathering Experience Returns for Security – BADGERS 2011,ĭynamic analysis of malware is widely used to obtain a better understanding of unknown software. “Sandnet: Network Traffic Analysis of Malicious Software”. Pohlmann Sandnet: Network Traffic Analysis of Malicious SoftwareĬ. Sandnet: Network Traffic Analysis of Malicious Software - Prof.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |