Advertisement

System Network Activity Monitoring for Malware Threats Detection

Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 431)

Abstract

Monitoring network communication is one of the primary methods used for years to combat network threats. Recent attacks on corporations networks shows that classical perimeter centric detection methods, based on the analysis of signatures, statistical anomalies or heuristic methods aimed at protection from the outside do not work, and are easily circumvented by new generations of malware. Increasingly apparent becomes the need to create additional internal line of defense, aimed at detecting and blocking what penetrated inside and operates in a network environment. The paper presents such solution – a new method for threats detection, based on novel principle – local monitoring and analysis of the system and application’s network activity, detecting traces of malware operation to the level of process running on the system.

Keywords

outbound traffic monitoring malware infection detection system network activity multi-level system defense 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    2013 Data Breach Investigations Report. Verizon, http://www.verizonenterprise.com/DBIR/2013/
  2. 2.
  3. 3.
  4. 4.
  5. 5.
  6. 6.
    Piper, S.: Definitive Guide to Next-Generation Threat Protection. CyberEdge Group, LLC, http://www2.fireeye.com/definitive-guide-next-gen-threats.html
  7. 7.
    Assessing the Effectiveness of Antivirus Solutions, Hacker Intelligence Initiative, Monthly Trend Report #14, http://www.imperva.com/docs/HII_Assessing_the_Effectiveness_of_Antivirus_Solutions.pdf
  8. 8.
    Skrzewski, M.: Analyzing Outbound Network Traffic. In: Kwiecień, A., Gaj, P., Stera, P. (eds.) CN 2011. CCIS, vol. 160, pp. 204–213. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  9. 9.
  10. 10.
    IBM X-Force 2013 Mid-Year Trend and Risk Report. IBM, http://www-03.ibm.com/security/xforce/downloads.html
  11. 11.
  12. 12.
    Skrzewski, M.: Monitoring system’s network activity for rootkit malware detection. In: Kwiecień, A., Gaj, P., Stera, P. (eds.) CN 2013. CCIS, vol. 370, pp. 157–165. Springer, Heidelberg (2013)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  1. 1.Politechnika Śląska, Instytut InformatykiGliwicePolska

Personalised recommendations