Work on large-scale analysis of malware network communication published at top-ranked conference

June 15, 2017

Faculty member Juan Caballero and Ph.D. student Platon Kotzias have a paper at the 36th IEEE Symposium on Security and Privacy, a top-ranked conference held in San Jose, CA. The paper was written in collaboration with Chaz Lever and Manos Antonakakis from Georgia Institute of Technology and Davide Balzarotti from Eurecom, France. The work, which can be found here, performs a large-scale analysis of malware network communication using 26.8 million malware samples in combination with over 5 billion DNS queries collected from a large North American internet service provider (ISP). Among other findings, they discover that domains contacted by malware are often observed in ISP network traffic weeks or months before the malware shows up in malware feeds. They also show that potentially unwanted programs (PUPs) rely on a surprisingly stable DNS and IP infrastructure.

The paper was recently presented at the 40th M3AAWG General Meeting in Lisbon on June 15th.