Detail publikace
Detecting DoH-Based Data Exfiltration: FluBot Malware Case Study
RADER, R. JEŘÁBEK, K. RYŠAVÝ, O.
Originální název
Detecting DoH-Based Data Exfiltration: FluBot Malware Case Study
Typ
článek ve sborníku mimo WoS a Scopus
Jazyk
angličtina
Originální abstrakt
This paper presents a novel approach for detecting the FluBot malware, an advanced Android banking Trojan that has been observed in active attacks in 2021 and 2022. The proposed method uses a two-layer detection mechanism to identify FluBot network connections. In the first layer, a machine learning algorithm is used to detect DNS-over-HTTPS (DoH) within Netflow records. The second layer uses a modified version of an existing domain generation algorithm (DGA) detection algorithm to target the DoH connections associated with the FluBot malware specifically. To evaluate the effectiveness of this approach, we used a dataset consisting of FluBot network traffic captured in a controlled sandbox environment. The preliminary results show that our DoH classifier achieves high accuracy and detection rates in identifying instances of FluBot malware, while maintaining a low false positive rate.
Klíčová slova
DoH detection, malware detection, computer communication analysis, packet classification
Autoři
RADER, R.; JEŘÁBEK, K.; RYŠAVÝ, O.
Vydáno
12. 5. 2023
Nakladatel
IEEE Computer Society
Místo
Daytona Beach
ISBN
979-8-3503-0074-1
Kniha
IEEE 48th Conference on Local Computer Networks (LCN)
Strany od
50
Strany do
54
Strany počet
4
URL
BibTex
@inproceedings{BUT184570,
author="Roman {Rader} and Kamil {Jeřábek} and Ondřej {Ryšavý}",
title="Detecting DoH-Based Data Exfiltration: FluBot Malware Case Study",
booktitle="IEEE 48th Conference on Local Computer Networks (LCN)",
year="2023",
pages="50--54",
publisher="IEEE Computer Society",
address="Daytona Beach",
doi="10.1109/LCN58197.2023.10223341",
isbn="979-8-3503-0074-1",
url="https://www.fit.vut.cz/research/publication/13007/"
}
Odpovědnost: Ing. Marek Strakoš