Abstract

In this paper, we propose a method for detecting malware-infected hosts with a high rate of detection and a low rate of false positives without using any data on benign communication. Based on the fact that many malware-infected hosts generate multiple HTTP requests, we propose a method using the templates of sets of those HTTP requests. For each malware, this method generates a template that comprises the set of templates of the HTTP requests that the malware generates. We call this set of templates a group template. The method then detects malware-infected hosts by comparing the set of monitored HTTP requests with the group templates.
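The following sketch illustrates the group-template idea for a defender's proxy logs. It is an added example, not the paper's algorithm: the request generalisation rules, the 0.75 match threshold, the family name and all sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

def request_template(method, url):
    """Generalise one HTTP request: keep method, path shape and query keys."""
    parts = urlsplit(url)
    segs = []
    for seg in parts.path.split("/"):
        if re.fullmatch(r"\d+", seg):
            segs.append("<num>")            # numeric ids vary per infection
        elif re.fullmatch(r"[0-9a-fA-F]{8,}", seg):
            segs.append("<hex>")            # long hex tokens vary per infection
        else:
            segs.append(seg)
    keys = tuple(sorted(k for k, _ in parse_qsl(parts.query, keep_blank_values=True)))
    return (method.upper(), "/".join(segs), keys)

def group_template(requests):
    """A group template is the set of request templates seen for one malware."""
    return frozenset(request_template(m, u) for m, u in requests)

def match_score(group, observed):
    """Fraction of the group template covered by a host's observed requests."""
    seen = {request_template(m, u) for m, u in observed}
    return len(group & seen) / len(group)

def detect(group_templates, traffic_by_host, threshold=0.75):
    """Return (host, family, score) for hosts whose traffic covers a group template."""
    alerts = []
    for host, reqs in traffic_by_host.items():
        for name, group in group_templates.items():
            score = match_score(group, reqs)
            if score >= threshold:
                alerts.append((host, name, round(score, 2)))
    return sorted(alerts)

# Constructed sample: requests recorded for one hypothetical malware family.
TEMPLATES = {"family_a": group_template([
    ("GET", "/gate/1001/check.php?id=aa&v=1"),
    ("POST", "/gate/1001/report.php?id=aa"),
    ("GET", "/cfg/deadbeefcafe0001/data.bin"),
])}
# Constructed sample: monitored requests per internal host.
TRAFFIC = {
    "10.0.0.5": [("GET", "/gate/2044/check.php?id=zz&v=3"),
                 ("POST", "/gate/2044/report.php?id=zz"),
                 ("GET", "/cfg/0123456789abcdef/data.bin"),
                 ("GET", "/index.html")],
    "10.0.0.9": [("GET", "/index.html"), ("GET", "/gate/7/check.php?id=q&v=1")],
}
```

Host 10.0.0.9 matches only one of the three request templates and is not flagged, which is how matching on the whole set rather than on single requests keeps false positives down.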
