An In-Depth Study of Open-Source Command and Control Frameworks

机译：深入研究开源命令和控制框架

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Previous work has intensely studied the prevention and detection of malicious network traffic, but current solutions still lack the efficacy needed to detect Remote Access Trojan (RAT) network activity. This deficiency is becoming more of a threat with the releases of open-source implementations that emphasize ease of use while maintaining stealth and modularity. In this paper, we provide a detailed design and analysis of network-based methods that can detect generic RAT behaviors such as polling, and specific detection techniques targeting three popular open-source RATs: Metasploit, Empire, and Pupy. Our methods rely on passive monitoring as well as semi-active scans targeting suspicious servers that are triggered by the passive monitoring system. Our complete classification system achieves a ~98.5% true positive rate and a ~0.01% false positive rate, validating our approach to RAT detection.

机译：先前的工作已经深入研究了恶意网络流量的预防和检测，但是当前的解决方案仍然缺乏检测远程访问特洛伊木马（RAT）网络活动所需的功效。随着开放源代码实现的发布，这种缺陷正变得越来越严重，这些实现强调了易用性，同时又保持了隐身性和模块化。在本文中，我们提供了基于网络的方法的详细设计和分析，这些方法可以检测诸如轮询之类的通用RAT行为，以及针对三种流行的开源RAT（Metasploit，Empire和Pupy）的特定检测技术。我们的方法依赖于被动监视以及针对由被动监视系统触发的可疑服务器的半主动扫描。我们完整的分类系统可达到〜98.5 \％的真实阳性率和〜0.01 \％的假阳性率，从而验证了我们的RAT检测方法。

著录项

来源
《International Conference on Malicious and Unwanted Software》|2018年|1-8|共8页
会议地点
作者
Julien Piet; Blake Anderson; David McGrew;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
Payloads; Servers; Radio access technologies; Tools; Cryptography; Open source software; Microsoft Windows;

机译：有效负载;服务器;无线电访问技术;工具;密码学;开源软件; Microsoft Windows;

相似文献

外文文献
中文文献
专利

1. Instrumentino: An open-source modular Python framework for controlling Arduino based experimental instruments [J] . Israel Joel Koenka, Jorge Sáiz, Peter C. Hauser Computer physics communications . 2014,第10期

机译：Instrumentino：用于控制基于Arduino的实验仪器的开源模块化Python框架
2. Controlled Rate Thermal Analysis Commanded by Mass Spectrometry for Studying the Kinetics of Thermal Decomposition of Very Stable Solids [J] . L.A. Perez-Maqueda, J.M. Criado, F.J. Gotor International Journal of Chemical Kinetics . 2002,第3期

机译：质谱法控制的速率受控的热分析，用于研究非常稳定的固体的热分解动力学
3. A study on a new control command input device for functional electrical stimulation system - 2nd report: improvement of control command input method using neural network [J] . Hiroki Higa, Yoshiki Yamashiro, Ikuo Nakamura, 電子情報通信学会技術研究報告. ヒュ-マン情報処理. Human Information Processing . 2001,第594期

机译：新型功能性电刺激系统控制命令输入装置的研究-第2次报告：使用神经网络的控制命令输入方法的改进
4. An In-Depth Study of Open-Source Command and Control Frameworks [C] . Julien Piet, Blake Anderson, David McGrew International Conference on Malicious and Unwanted Software . 2018

机译：深入研究开源命令和控制框架
5. Command and control in the information age: A case study of a representative air power command and control node. [D] . Simpson, Marvin Leo, Jr. 2015

机译：信息时代的指挥与控制：以代表性的空中力量指挥与控制节点为例。
6. FRED (A Framework for Reconstructing Epidemic Dynamics): an open-source software system for modeling infectious diseases and control strategies using census-based populations [O] . John J Grefenstette, Shawn T Brown, Roni Rosenfeld, 2013

机译：FRED（重建流行病动态框架）：一个开源软件系统用于使用基于普查的人群对传染病和控制策略进行建模
7. FRED (A Framework for Reconstructing Epidemic Dynamics): an open-source software system for modeling infectious diseases and control strategies using census-based populations [O] . 2013

机译：FRED（重建流行病动态框架）：一个开源软件系统，用于使用基于普查的人群对传染病和控制策略进行建模
8. Analysing Command Challenges Using the Command and Control Framework: Pilot Study Results [R] . McCann, C. , Pigeau, R. , English, A. 2003

机译：使用命令和控制框架分析命令挑战：试点研究结果

An In-Depth Study of Open-Source Command and Control Frameworks

摘要

著录项

相似文献

相关主题

期刊订阅