Study Suggests Network Traffic Can Help Stop Malware Attack

Category: Science & Technology
Posted: 11:20AM

Before a large malware attack can begin, systems first have to be infected, and the malware can then linger undetected for weeks or months. Until a sample of the malware is discovered, traditional anti-virus software cannot remove it, but researchers at Georgia Institute of Technology, in collaboration with EURECOM and the IMDEA Software Institute, have found a way to help catch malware before it is activated. The key is monitoring network traffic.

Many pieces of malware need to communicate with command and control computers, and this communication naturally involves network traffic. The researchers looked at over five billion network events from five years of ISP data and at the DNS requests made by 27 million malware samples, and then compared them to the re-registration of expired domains. Such domains are often used as the launch sites for malware attacks, and certain networks are more prone to abuse than others. Interestingly, though, there were often months of lag time between a domain name being re-registered and attacks starting. To help with this work, the researchers created a filtering system to distinguish between benign and malicious traffic, which also involved the largest malware classification to date, differentiating malware from potentially unwanted programs.

In the end, the researchers found signals of malware infection weeks to months before the malware itself was found. For this defense strategy to work, though, network administrators will need to learn what normal behavior looks like on their networks so that bad activity can be identified. Even so, the findings indicate how the next generation of defense mechanisms can be designed.
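As an added illustration (not code from the study or from the article's source), the comparison described above can be sketched in Python: join DNS query logs against domain registration history and report clients that query a domain after it was re-registered following an expiry. The sample data, the function names and the 365-day window are assumptions made for this example.

```python
from datetime import date

# Constructed sample data (not from the study): per-domain registration
# history as (registered_on, expired_on or None), oldest first.
REGISTRATIONS = {
    "old-updates.example": [(date(2012, 1, 10), date(2014, 1, 10)),
                            (date(2014, 3, 2), None)],
    "stable-site.example": [(date(2010, 5, 1), None)],
}
# Constructed DNS query log: (day, client address, queried name).
DNS_LOG = [
    (date(2013, 6, 1), "10.0.0.5", "www.old-updates.example"),   # before expiry
    (date(2014, 7, 15), "10.0.0.7", "cdn.old-updates.example"),  # after re-registration
    (date(2014, 8, 1), "10.0.0.7", "cdn.old-updates.example"),   # repeat query
    (date(2014, 7, 20), "10.0.0.9", "www.stable-site.example"),  # never expired
    (date(2016, 9, 1), "10.0.0.8", "old-updates.example"),       # outside window
]

def reregistered_on(history):
    """Latest date the domain was registered again after an expiry, else None."""
    latest = None
    for (_, expired), (registered, _) in zip(history, history[1:]):
        if expired is not None and registered > expired:
            latest = registered
    return latest

def registered_domain(name, registrations):
    """Map a queried name (possibly a subdomain) to a tracked domain, else None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in registrations:
            return candidate
    return None

def flag_queries(dns_log, registrations, window_days=365):
    """Return {(client, domain): days between re-registration and first query}."""
    findings = {}
    for day, client, name in sorted(dns_log):
        domain = registered_domain(name, registrations)
        rereg = reregistered_on(registrations[domain]) if domain else None
        if rereg is None:
            continue
        lag = (day - rereg).days
        if 0 <= lag <= window_days:  # long window: activity can lag by months
            findings.setdefault((client, domain), lag)
    return findings

if __name__ == "__main__":
    for (client, domain), lag in flag_queries(DNS_LOG, REGISTRATIONS).items():
        print(f"{client} first queried {domain} {lag} days after re-registration")
```

A hit is only a lead for triage: queries to a re-registered domain still have to be judged against what is normal for the network in question.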

Source: Georgia Institute of Technology
