Riccardo
4 records found
1
Authored
HeadPrint
Detecting anomalous communications through header-based application fingerprinting
Passive application fingerprinting is a technique to detect anomalous outgoing connections. By monitoring the network traffic, a security monitor passively learns the network characteristics of the applications installed on each machine, and uses them to detect the presence of ...
We investigate the problem of detecting advanced covert channel techniques, namely victim-aware adaptive covert channels. An adaptive covert channel is considered victim-aware when the attacker mimics the content of its victim’s legitimate communication, such as application-la ...
DECANTeR
DEteCtion of Anomalous outbouNd HTTP Traffic by Passive Application Fingerprinting
We present DECANTeR, a system to detect anomalous outbound HTTP communication, which passively extracts fingerprints for each application running on a monitored host. The goal of our system is to detect unknown malware and backdoor communication indicated by unknown fingerprin ...