Report - Sandnet: Network Traffic Analysis of Malicious Software
Malicious software has become one of the biggest threats to the Internet security. During the last years, researchers have started to dynamically analyze malware, i.e. to execute viruses in so called contained environments and observe the behavior of the malware. While most of these systems focus on analyzing the host behavior, we developed a system called Sandnet with a strong focus on the network behavior of malware. Sandnet is in place at if(is) since 2010 and we analyzed more than distinct 100,000 malware as of April 2011. Its official website is here.
Last week I presented first results of Sandnet at the ACM BADGERS Workshop in Salzburg, Vienna. The feedback we have received was very positive and I had the chance to meet other very interesting researchers in the same field. As a next step of research, we are going to cluster malware based on its network behavior.