Sciweavers

ICC
2007
IEEE

Using Session-Keystroke Mutual Information to Detect Self-Propagating Malicious Codes

In this paper, we propose an endpoint-based joint network-host anomaly detection technique to detect self-propagating malicious codes. Our proposed technique is based on the observation that on any endpoint there exists very high correlation between benign network sessions and the keystrokes that trigger these sessions. Specifically, users generally use a few keystrokes to trigger most of the benign network sessions. On the other hand, malicious sessions originating from a compromised endpoint will not have the session-keystroke correlation. We leverage this observation in a novel information-theoretic framework that characterizes the session-keystroke correlation in terms of their mutual information. Changes in session-keystroke mutual information are used to detect malicious codes in an automated and real-time fashion. To evaluate the proposed anomaly detector, we use actual traffic and keystroke data collected on benign and infected endpoints. We show that the proposed anomaly ...
Syed A. Khayam, Hayder Radha
Added 02 Jun 2010
Updated 02 Jun 2010
Type Conference
Year 2007
Where ICC
Authors Syed A. Khayam, Hayder Radha