Modelling the network behaviour of malware to block malicious patterns. The Stratosphere Project: a behavioural IPS

Wednesday 30 September 14:30 - 15:00, Red room

Sebastian Garcia (CTU University - Prague)

  download slides (PDF)

Current malware traffic detection solutions work mostly by using static fingerprints, whitelists and blacklists, and crowd-sourced threat intelligence analytics. These methods are useful for detecting known malware in real time, but are insufficient to detect unknown malicious trends and attacks. Our proposed complementary solution is to analyse the inherent patterns of malware actions in the network by means of machine learning algorithms. In particular, we use Markov Chains-based algorithms to find network patterns that are independent of static features, such as IP addresses or payloads. These patterns are used to build behavioural models of malware actions that are later used to detect similar traffic in the network. All these models and detection algorithms were used to create a free software intrusion prevention system, called Stratosphere IPS, which is thoroughly tested with normal and malicious traffic. The IPS is able to detect new network patterns that are similar to the known malicious behaviours. The Stratosphere IPS tool will be used to show how behavioural models can detect real malware traffic.

Click here for more details about the conference.

Sebastian Garcia

Sebastian Garcia

Sebastian Garcia is a malware researcher and security teacher. He did his Ph.D. on the detection of botnets/malware by analysing their network traffic and creating behavioural models of their actions. He likes to analyse network patterns with machine learning tools, particularly on malware and botnet traffic. He is a researcher in the ATG group of Czech Technical University in Prague. He believes that free software and machine learning tools can help better protect users from abuse of their digital rights. He has taught in several countries and universities and worked on penetration testing for both corporations and governments. As a co-founder of the MatesLab hackspace he is a free software advocate and has worked on honeypots, malware detection, distributed scanning (dnmap) keystroke dynamics, bluetooth analysis, privacy protection, intruder detection, robotics and biohacking. In the CTU University he manages the Stratosphere IPS project, which is developing a free-software behavioural-based IPS.



We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.