September 2016

Sandnet++ – A framework for analysing and visualising network traffic from malware

Sponsored by ComputerWeekly.com

This article in our Royal Holloway Security Series looks at Sandnet++, a framework for analysing and visualising network traffic from malware.

Table Of Contents

  • One important step in combating malware is to understand how it communicates over a computer network. Most malware has to communicate remotely, whether to infect further victims, exfiltrate stolen information or receive instructions.
  • Examining the network traffic generated by malware provides an opportunity to identify the unique features found only in malware traffic, and use these to distinguish it from benign traffic. Only if malware traffic is identifiable can it be blocked or otherwise disrupted.
  • This article presents Sandnet++, a framework for analysing and visualising network traffic from malware. We also present several case studies showing how the Sandnet++ framework can be used to extract malware traffic features, allowing better malware detection.