Network analysis can find malware before it strikes

Network traffic analysis should play a larger role in the fight against malware, because the warning signs show up on the network “weeks and even months” before new malicious software is uncovered, scientists from the Georgia Institute of Technology explain in an article on the school’s website.

The researchers, who have been studying historical network traffic patterns, say that malware tracking should take advantage of the signals the network itself supplies, rather than focusing only on identifying malware code already present on networks and machines. By analyzing the suspicious network traffic that attackers generate over time, which is already available to defenders, administrators can intervene and neutralize malware before it does damage.

“You know you are sick when you have a fever, before you know exactly what’s causing it,” says Manos Antonakakis, an assistant professor in the School of Electrical and Computer Engineering at Georgia Tech. “The first thing the adversary does is set up a presence on the internet, and that first signal can indicate an infection.”

For example, attackers have to register domains for their infrastructure, and domain registrations can be tracked.
