As malware poses a major threat on the Internet, malware detection
and mitigation approaches have been developed and used in the
battle against malware. Some malware samples elude these approaches,
while some benign software is marked malicious. Having looked
at the state of the art in detection approaches, we have combined
three, namely honeypots, DNS data analysis and flow data analysis.
All three are widely used in corporate networks and can be applied
for detecting malware. By conducting experiments in which a
workstation in a closed environment gets infected by malware samples,
we have observed that a honeypot is not an effective approach for
malware detection, because no malware tried to reach our honeypot.
However, DNS data analysis and flow data analysis can be combined
to achieve synergy, by providing more information about whether a
workstation is infected by malware, leading to more informed
decisions.
More here: http://essay.utwente.nl/64999/1/thesis.pdf