EFFORT: Efficient and effective bot malware detection Conference Paper uri icon

abstract

  • To detect bots, a lot of detection approaches have been proposed at host or network level so far and both approaches have clear advantages and disadvantages. In this paper, we propose EFFORT, a new host-network cooperated detection framework attempting to overcome shortcomings of both approaches while still keeping both advantages, i.e., effectiveness and efficiency. Based on intrinsic characteristics of bots, we propose a multi-module approach to correlate information from different host- and network-level aspects and design a multi-layered architecture to efficiently coordinate modules to perform heavy monitoring only when necessary. We have implemented our proposed system and evaluated on real-world benign and malicious programs running on several diverse real-life office and home machines for several days. The final results show that our system can detect all 15 real-world bots (e.g., Waledac, Storm) with low false positives (0.68%) and with minimal overhead. We believe EFFORT raises a higher bar and this host-network cooperated design represents a timely effort and a right direction in the malware battle. 2012 IEEE.

name of conference

  • IEEE INFOCOM 2012 - IEEE Conference on Computer Communications

published proceedings

  • 2012 Proceedings IEEE INFOCOM

author list (cited authors)

  • Seungwon Shin, .., Zhaoyan Xu, .., & Guofei Gu.

citation count

  • 38

publication date

  • March 2012

publisher