Many types of modern malware utilize HTTP-based communications. Network-level behavioral signature/modeling in malware detection has some advantages, compared with traditional AV signature, or system-level behavioral models. Here we present a novel malware detection method based on URL behavioral modeling. The method has taken advantage of common practices of code re-use among many types of malware.
by Hao Dong and Jin Shang
Full Abstract & Presentation Materials: