ExecScent
swMATH ID: 23931
Software Authors: Nelms, T.; Perdisci, R.; Ahamad, M.
Description: ExecScent: mining for new C&C domains in live networks with adaptive control protocol templates.

In this paper, we present ExecScent, a novel system that aims to mine new, previously unknown C&C domain names from live enterprise network traffic. ExecScent automatically learns control protocol templates (CPTs) from examples of known C&C communications. These CPTs are then adapted to the "background traffic" of the network where the templates are to be deployed. The goal is to generate hybrid templates that can self-tune to each specific deployment scenario, thus yielding a better trade-off between true and false positives for a given network environment. To the best of our knowledge, ExecScent is the first system to use this type of adaptive C&C traffic model. We implemented a prototype version of ExecScent and deployed it in three different large networks for a period of two weeks. During the deployment, we discovered many new, previously unknown C&C domains and hundreds of new infected machines, compared to using a large, up-to-date commercial C&C domain blacklist. Furthermore, we deployed the new C&C domains mined by ExecScent to six large ISP networks, discovering more than 25,000 new infected machines.

Homepage: https://www.usenix.org/conference/usenixsecurity13/technical-sessions/paper/nelms
Related Software: BotMiner; ElemStatLearn; Keras; TensorFlow; word2vec; Scikit; Panorama; KEA; FIRMA; VAMO; Polygraph; Hamsa; Autograph; BitShred; PhishEye; BotProfiler; BotTokenizer; BotSniffer
Cited in: 3 Publications
Cited by 14 Authors (number of citing publications in parentheses): Jiang, Jianguo (1); Knaebel, René (1); Machlica, Lukáš (1); Neil, Joshua C. (1); Pevný, Tomáš (1); Prasse, Paul (1); Qi, Biao (1); Scheffer, Tobias (1); Sexton, Joseph (1); Shi, Zhixin (1); Storlie, Curtis B. (1); Wang, Jizhi (1); Wang, Qiwen (1); Wang, Yan (1)
Cited in 2 Serials: Machine Learning (1); Statistical Analysis and Data Mining (1)
Cited in 3 Fields: Computer science (68-XX) (2); Statistics (62-XX) (1); Information and communication theory, circuits (94-XX) (1)