A General Framework of Trojan Communication Detection Based on Network Traces.

Title: A General Framework of Trojan Communication Detection Based on Network Traces.
Authors: Li, Shicong; Yun, Xiaochun; Zhang, Yongzheng; Xiao, Jun; Wang, Yipeng
Source: 2012 IEEE Seventh International Conference on Networking, Architecture & Storage; 1/1/2012, p49-58, 10p
Abstract: Because of the widespread Trojan, Internet users become more and more vulnerable to the threat of information leakage. Traditional techniques of Trojan detection were classified into two main categories: host-based and network-based. Unfortunately, existing techniques are insufficient and limited, because of the following reasons: (1) only uncover the known Trojan while inefficiently detecting novel samples, (2) should be adjusted in a timely fashion even a trivial change is applied, and (3) become computationally more expensive. In our work, we focus on a network behavior based method to address the limitations of previous network-based approaches. We analyze the profile of network behavior at two levels: (i) flow-level, (ii) IP-level. Our approach presents two main advantages: (1) capture more detailed information to describe the network behavior profile, (2) consume lower computational overhead. We proposed a system, Manto, which detects Trojan communication with high accuracy using clustering technique. We implement Manto on real-world traces. The evaluation results exhibit that Manto is suitable for detecting Trojan communication amongst the vast amount of network traffic, with over 91% accuracy and less than 3.2% false positive ratio. We confidently regard our approach as a complementary way to the existing network-based techniques for we could address their main shortcomings. [ABSTRACT FROM PUBLISHER]
Copyright of 2012 IEEE Seventh International Conference on Networking, Architecture & Storage is the property of IEEE and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Complementary Index
Publication Type: Conference
DOI: 10.1109/NAS.2012.10
Language: English
ISBN (print): 9781467318891