Identification and Recognition of Remote-Controlled Malware

Dietrich, Christian

DissChristianDietrich.pdf - Published

Download (4MB)

URN: urn:nbn:de:bsz:180-madoc-330929
Document Type: Doctoral dissertation
Year of publication: 2012
Place of publication: Mannheim
Publishing house: Universität Mannheim
University: Universität Mannheim
Evaluator: Freiling, Felix
Date of oral examination: 28 March 2013
Publication language: English
Institution: School of Business Informatics and Mathematics > Praktische Informatik I (Freiling -2013)
Subject: 004 Computer science, internet
Subject headings (SWD): Computervirus
Keywords (English): Malware , Botnet , Botnet Detection
Abstract: This thesis encapsulates research on the detection of botnets. First, we design and implement Sandnet, an observation and monitoring infrastructure to study the botnet phenomenon. Using Sandnet, we evaluate detection approaches based on traffic analysis and rogue visual monetization. Therefore, we identify and recognize botnet C&C channels by help of traffic analysis. To a large degree, our clustering and classification leverage the sequence of message lengths per flow. As a result, our implementation, CoCoSpot, proves to reliably detect active C&C communication of a variety of botnet families, even in face of fully encrypted C&C messages. Furthermore, we found a botnet that uses DNS as carrier protocol for its command and control channel. By help of statistical entropy as well as behavioral features, we design and implement a classifier that detects DNS-based C&C, even in mixed network traffic of benign users. Finally, perceptual clustering of Sandnet screenshots enables us to group malware into rogue visual monetization campaigns and study their monetization properties.
Translation of the title: Identifikation and Wiedererkennung von fernsteuerbarer Schadsoftware (German)

Das Dokument wird vom Publikationsserver der Universitätsbibliothek Mannheim bereitgestellt.

Metadata export


+ Search Authors in

+ Download Statistics

Downloads per month over past year

View more statistics

You have found an error? Please let us know about your desired correction here: E-Mail

Actions (login required)

Show item Show item