A General Framework of Trojan Communication Detection Based on Network Traces.
Saved in:
| Title: | A General Framework of Trojan Communication Detection Based on Network Traces. |
|---|---|
| Authors: | Li, Shicong, Yun, Xiaochun, Zhang, Yongzheng, Xiao, Jun, Wang, Yipeng |
| Source: | 2012 IEEE Seventh International Conference on Networking, Architecture & Storage; 1/ 1/2012, p49-58, 10p |
| Abstract: | Because of the widespread Trojan, Internet users become more and more vulnerable to the threat of information leakage. Traditional techniques of Trojan detection were classified into two main categories: host-based and network-based. Unfortunately, existing techniques are insufficient and limited, because of the following reasons: (1)only uncover the known Trojan while inefficiently detecting novel samples, (2) should be adjusted in a timely fashion even a trivial change is applied, and (3)become computationally more expensive. In our work, we focus on a network behavior based method to address the limitations of previous network-based approaches. We analyze the profile of network behavior at two levels: (i)flow-level, (ii)IP-level. Our approach present two main advantages: (1)capture more detailed information to describe the network behavior profile, (2)consume lower computational overhead. We proposed a system, Manto, which detects Trojan communication with high accuracy using clustering technique. We implement Manto on real-world traces. The evaluation results exhibit that Manto is suitable for detecting Trojan communication amongst the vast amount of network traffic, with over 91% accuracy and less than 3.2% false positive ratio. We confidently regard our approach as a complementary way to the existing network-based techniques for we could address their main shortcomings. [ABSTRACT FROM PUBLISHER] |
| Copyright of 2012 IEEE Seventh International Conference on Networking, Architecture & Storage is the property of IEEE and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.) | |
| Database: | Complementary Index |
Full Text Finder Be the first to leave a comment!