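@comment{Record in INPE/URLib style: affiliation, conference-location,
conference-year, targetfile and urlaccessdate are library-specific fields
that standard .bst styles ignore. series, volume and month restate the
venue data already carried in note and conference-year so that standard
styles can render it; booktitle carries the proceedings title instead of
the placeholder "Proceedings...". Accents in Gr{\'e}gio and
Informa{\c{c}}{\~a}o are written as BibTeX special characters so sorting
and labels stay correct.}

@InProceedings{CamiloGregSant:2016:IdCoSy,
author = "Camilo, Ana Ercilia Fernandes and Gr{\'e}gio, Andr{\'e} and Santos,
Rafael Duarte Coelho dos",
affiliation = "{Instituto Nacional de Pesquisas Espaciais (INPE)} and {Centro de
Tecnologia da Informa{\c{c}}{\~a}o} and {Instituto Nacional de
Pesquisas Espaciais (INPE)}",
title = "Identifying compromised systems through correlation of suspicious
traffic from malware behavioral analysis",
booktitle = "Cyber Sensing 2016",
series = "Proceedings of SPIE",
volume = "9826",
year = "2016",
month = apr,
editor = "Ternovskiy, Igor V. and Chin, Peter",
organization = "Cyber Sensing 2016",
publisher = "SPIE",
note = "Proceedings of the SPIE, v.9826",
abstract = "Malware detection may be accomplished through the analysis of
their infection behavior. To do so, dynamic analysis systems run
malware samples and extract their operating system activities and
network traffic. This traffic may represent malware accessing
external systems, either to steal sensitive data from victims or
to fetch other malicious artifacts (configuration files,
additional modules, commands). In this work, we propose the use of
visualization as a tool to identify compromised systems based on
correlating malware communications in the form of graphs and
finding isomorphisms between them. We produced graphs from over 6
thousand distinct network traffic files captured during malware
execution and analyzed the existing relationships among malware
samples and IP addresses.",
conference-location = "Baltimore, Maryland",
conference-year = "17 Apr.",
doi = "10.1117/12.2223968",
url = "http://dx.doi.org/10.1117/12.2223968",
language = "en",
targetfile = "camilo_identifying.pdf",
urlaccessdate = "28 abr. 2024"
}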