Malware behavior through network trace analysis

Abstract

Malware continues to be a major threat to information security. To avoid being detected and analyzed, modern malware is continuously improving its stealthiness. The high number of unique malware samples detected daily suggests a high degree of code reuse combined with obfuscation to avoid detection. Traditional malware detection techniques that rely on binary code signatures are greatly hindered by encryption, packing, code polymorphism, and other similar obfuscation techniques. Although obfuscation greatly changes a malware's binary, its functionality remains intact.
We propose to study malware's network behavior during its execution in order to understand the malware's functionality. While malware may transform its code to evade analysis, we contend that its key network behaviors must endure through the transformations to achieve the malware's ultimate purpose, such as sending victim information …

Date
September 13, 2025
Authors
Xiyue Deng, Jelena Mirkovic
Conference
Selected Papers from the 12th International Networking Conference: INC 2020 12
Pages
3-18
Publisher
Springer International Publishing