- document
-
Bortolameotti, Riccardo (author), Van Ede, Thijs (author), Continella, Andrea (author), Hupperich, Thomas (author), Everts, Maarten H. (author), Rafati, Reza (author), Jonker, Willem (author), Hartel, P.H. (author), Peter, Andreas (author)Passive application fingerprinting is a technique to detect anomalous outgoing connections. By monitoring the network traffic, a security monitor passively learns the network characteristics of the applications installed on each machine, and uses them to detect the presence of new applications (e.g., malware infection). In this work, we...conference paper 2020
- document
-
Bortolameotti, Riccardo (author), van Ede, Thijs (author), Caselli, Marco (author), Everts, M.H. (author), Hartel, P.H. (author), Hofstede, Rick (author), Jonker, Willem (author), Peter, A. (author)We present DECANTeR, a system to detect anomalous outbound HTTP communication, which passively extracts fingerprints for each application running on a monitored host. The goal of our system is to detect unknown malware and backdoor communication indicated by unknown fingerprints extracted from a host's network traffic. We evaluate a prototype...conference paper 2017