Abstract
The number of cyber threats is constantly increasing. In 2013, 200,000 malicious tools were identified each day by antivirus vendors. This figure rose to 800,000 per day in 2014 and then to 1.8 million per day in 2016! The bar of 3 million per day will be crossed in 2017. Traditional security tools (mainly signature-based) show their limits and are less and less effective to detect these new cyber threats. Detecting never-seen-before or zero-day malware, including ransomware, efficiently requires a new approach in cyber security management. This requires a move from signature-based detection to behavior-based detection. We have developed a data breach detection system named CDS using Machine Learning techniques which is able to identify zero-day malware by analyzing the network traffic.
In this paper, we present the capability of the CDS to detect zero-day ransomware, particularly WannaCry.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Gazet, A.: Comparative analysis of various ransomware virii. J. Comput. Virol. 6(1), 77–90 (2010)
CDS Compromise Detection System. https://www.streamscan.io/cds Accessed 07 Aug 2017
Microsoft Security Bulletin MS17-010. https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
Simple Message Bloc. https://msdn.microsoft.com/en-us/library/windows/desktop/aa365233(v=vs.85).aspx. Accessed 07 Aug 2017
EthernalBlue: https://packetstormsecurity.com/files/142169/ETERNALBLUE-2.2.0-Windows-2008-R2-SMBv1-Zero-Day-Exploit.html. Accessed 07 Aug 2017
TOR: https://www.torproject.org/about/overview.html.en. Accessed 07 Aug 2017
Antonakakis, M., et al.: From Throw-Away traffic to bots: detecting the rise of DGA-Based malware. USENIX security symposium, Vol. 12 (2012)
Wireshark. https://www.wireshark.org. Accessed 07 Aug 2017
TCPDUMP: www.tcpdump.org
SNORT Intrusion Detection System. https://www.snort.org/. Accessed 07 Aug 2017
Alienvault Detecting WannaCry Ransomware. http://www.infosec-cloud.com/wp-content/uploads/2017/05/AlienVault-Detect-WannaCry-Ransomware-white-paper.pdf. Accessed 07 Aug 2017
McAfee Labs Threat Advisory, Ransom-WannaCry. https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/27000/PD27077/en_US/McAfee_Labs_WannaCry_May_24.pdf. Accessed 07 Aug 2017
FireEeye Endpoint Security Detect Prevent WannaCry. https://www.fireeye.com/blog/products-and-services/2017/05/fireeye-endpoint-security-detect-prevent-wannacry.html
Zhao, D., Traore, I.: P2P botnet detection through malicious fast flux network identification. In: 7th International Conference on P2P, Parallel, Grid, Cloud, and Internet Computing -3PGCIC 2012, 12–14, Victoria, BC, Canada, November 2012
Gu, G., et al.: BotMiner: clustering analysis of network traffic for protocol-and structure-independent botnet detection. In: USENIX Security Symposium, Vol. 5(2) (2008)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Ganame, K., Allaire, M.A., Zagdene, G., Boudar, O. (2017). Network Behavioral Analysis for Zero-Day Malware Detection – A Case Study. In: Traore, I., Woungang, I., Awad, A. (eds) Intelligent, Secure, and Dependable Systems in Distributed and Cloud Environments. ISDDC 2017. Lecture Notes in Computer Science(), vol 10618. Springer, Cham. https://doi.org/10.1007/978-3-319-69155-8_13
Download citation
DOI: https://doi.org/10.1007/978-3-319-69155-8_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-69154-1
Online ISBN: 978-3-319-69155-8
eBook Packages: Computer ScienceComputer Science (R0)