Friday, January 21, 2011

ALU Bell Labs: Network Behavior Analysis Helps to Detect Malware Infection

A recent article by Jin Cao, Laurent Clevy and Lawrence Menten, all from Bell Labs, Alcatel-Lucent, argues that "Network detection techniques offer an alternative to existing tools such as antivirus software and personal firewalls. This article will review these challenges and the unique approaches by Alcatel-Lucent Bell Labs researchers for using network behavior analysis to detect malware infection".

See "Security: On the Trail of the Elusive Botnet" - here.

"Current detection methods focus on malware detection software that scans individual computers. However, antivirus software and personal firewalls have proven inadequate. Botnet authors thoroughly test their creations to evade detection, but some malware simply disables these protection mechanisms ... Alcatel-Lucent Bell Labs researchers are working closely with security and product development teams to develop a broad set of network-based botnet detection techniques that can be incorporated into products. Three of the techniques are:
  • Offline data mining and statistical analysis
  • Behavioral analysis of network traffic at the endpoint
  • Analysis of DNS packets at the network perimeter"
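To make the third technique concrete, here is an added example (my own illustration, not code from the Bell Labs article or any Alcatel-Lucent product) of perimeter DNS analysis. It scores each internal host on two indicators that botnets using domain-generation algorithms tend to leave in resolver logs: a high NXDOMAIN ratio (the bot tries many generated names that are never registered) and high character entropy in the queried second-level label (generated names look random next to human-chosen ones). The log format (`<src_ip> <qname> <rcode>`), the sample lines, the naive second-level-label extraction and the thresholds are all assumptions made for the example.

```python
"""Perimeter DNS log analysis for DGA-style botnet indicators (added example)."""
import math
from collections import defaultdict

# Constructed sample resolver log: "<src_ip> <qname> <rcode>" (format is assumed).
# 10.0.0.9 is meant to look like a bot cycling through generated domains.
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 mail.example.com NOERROR
10.0.0.5 cdn.images-example.net NOERROR
10.0.0.5 login.example.org NOERROR
10.0.0.9 xk3qz8vpd0.com NXDOMAIN
10.0.0.9 qwv7hz2mtx.net NXDOMAIN
10.0.0.9 pl9gzx0sdj.info NXDOMAIN
10.0.0.9 w2ltg9x7ka.com NOERROR
10.0.0.9 sx8mz3q0pv.org NXDOMAIN
10.0.0.9 www.example.com NOERROR
10.0.0.7 docs.example.com NOERROR
10.0.0.7 typo-of-exmaple.com NXDOMAIN
"""


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for empty or single-symbol strings)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(k / n * math.log2(k / n) for k in counts.values())


def registered_label(qname):
    """Second-level label of a query name. Naive: no public-suffix list (assumption)."""
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def parse_log(text):
    """Parse the assumed 3-field log format; skips blank, comment and malformed lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 3:
            continue
        src, qname, rcode = fields
        records.append((src, qname, rcode.upper()))
    return records


def score_hosts(records):
    """Per source IP: query count, NXDOMAIN ratio, mean entropy of distinct labels."""
    per_host = defaultdict(lambda: {"total": 0, "nx": 0, "ent": 0.0, "labels": set()})
    for src, qname, rcode in records:
        h = per_host[src]
        h["total"] += 1
        if rcode == "NXDOMAIN":
            h["nx"] += 1
        label = registered_label(qname)
        if label not in h["labels"]:  # count each registered label once
            h["labels"].add(label)
            h["ent"] += shannon_entropy(label)
    return {
        src: {
            "queries": h["total"],
            "nx_ratio": round(h["nx"] / h["total"], 3),
            "mean_label_entropy": round(h["ent"] / len(h["labels"]), 3),
        }
        for src, h in per_host.items()
    }


def flag_suspects(scores, min_queries=5, nx_threshold=0.5, entropy_threshold=3.0):
    """Hosts exceeding both indicators. Thresholds are illustrative assumptions;
    min_queries keeps a single typo (one NXDOMAIN) from flagging a host."""
    return sorted(
        src for src, s in scores.items()
        if s["queries"] >= min_queries
        and s["nx_ratio"] >= nx_threshold
        and s["mean_label_entropy"] >= entropy_threshold
    )


if __name__ == "__main__":
    scores = score_hosts(parse_log(SAMPLE_LOG))
    for src, s in sorted(scores.items()):
        print(src, s)
    print("suspects:", flag_suspects(scores))
```

On the sample log only 10.0.0.9 is flagged; 10.0.0.7's single typo stays below the query floor. In a real deployment both indicators need tuning and allow-listing: CDN and cloud hostnames often carry hashed-looking labels, and a host behind a misconfigured search domain can produce bursts of NXDOMAIN without being infected, so a detector like this is a lead for the analyst rather than a verdict.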
See a related post on the implementation of DDoS, botnet and infected-subscriber detection - here (as the chart below, from Allot Communications, demonstrates).

1 comment:

  1. I really appreciated the read since it offered me the possibility to learn something I didn't know. Thanks for it. I shall be dropping by from time to time.